SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Cyber-attackers target COVID-19 vaccine supply chain in sweeping phishing campaign
Fri, 4th Dec 2020

IBM has today released a bombshell report detailing a phishing campaign spanning six different countries and targeting organisations tasked with maintaining the COVID-19 vaccine supply chain.

IBM's Security X-Force, a task force created in the early days of the pandemic's outbreak with an aim to combat cyber-attacks related to potential vaccines' supply chains, released details on a coordinated effort to disrupt the COVID-19 ‘cold chain’.

The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.

Beginning in September, cyber-attackers sent spear-phishing emails to executives within organisations involved in and supporting the vaccine cold chain. They did this by first disguising themselves as a business executive from Haier Biomedical, a member of the Cold Chain Equipment Optimization Platform (CCEOP) programme, and thus a credible stakeholder involved with the vaccine supply chain.

IBM says Haier Biomedical is purportedly “the world's only complete cold chain provider”.

The targets of the initial phishing campaign included the European Commission's Directorate-General for Taxation and Customs Union, as well as organisations in the energy, manufacturing, website creation, software, and internet security solutions sectors. Attackers did not discriminate by region: organisations headquartered in Germany, Italy, South Korea, the Czech Republic, greater Europe and Taiwan were targeted.

IBM has notified the affected entities, and has advised all other organisations involved in the vaccine supply chain “to be vigilant and remain on high alert”. This was echoed by the United States Cybersecurity and Infrastructure Security Agency (CISA), which today encouraged such organisations to review the IBM report.

IBM Security X-Force assessed the greater objective of the campaign to be credential harvesting, opening the potential for attackers to gain access to sensitive information surrounding broad vaccine distribution.

In its report, IBM Security X-Force did not reach a conclusion regarding the attribution of the phishing campaign. However, after analysing the precise targeting of specific organisations, it noted that the findings “potentially point to nation-state activity”.

“Without a clear path to a cash-out, cyber-criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets,” the Security X-Force report said.

“Likewise, insight into the transport of a vaccine may present a hot black-market commodity, however, advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target.”

Barracuda Networks senior vice president international Chris Ross says the purpose of the attack on the vaccine cold chain was likely to acquire leverage for a multi-million dollar ransomware attempt, or to sell critical data on the black market to the highest bidder.

“This is the first time that a significant phishing campaign has been used on a global scale to disrupt the progress of our battle with the coronavirus,” says Ross.

“This issue must be taken extremely seriously by all afflicted targets and organisations who have anything to do with the logistics, transport or distribution of the vaccine, who may have already been breached and do not yet know it.

“Implementing an immediate and comprehensive security training session combined with a rigorous refresh of company and employee passwords and usernames must be undertaken immediately in an attempt to flush out and block any existing or future attacks,” Ross says.

“Backing up key data via a sophisticated third-party cloud backup provider is also essential in protecting organisations from any future ransomware attack attempts.”