Not content with anti-vaxxers and grifters trying to downplay the importance of a vaccine, 2020 has thrown more hurdles in the way of those working on a COVID-19 vaccine. The latest hurdle is cybercriminals using phishing in a bid to disrupt the COVID-19 cold chain.
A cold chain is a component of a vaccine’s supply chain which keeps the vaccine cold and prevents it from spoiling, and a campaign to disrupt this was uncovered by IBM’s Security X-Force.
The team discovered a cybercriminal was impersonating a business executive from Haier Biomedical, which is a legitimate cold chain solution provider. The firm even advertises its solutions for the COVID-19 vaccine on its website.
“Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain. We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” IBM reports.
The security force goes on to say that the attackers targeted organisations within the energy, manufacturing, website creation and software and internet security sectors. The net these attackers cast was incredibly wide, with organisations in Germany, Italy, South Korea, Czech Republic and Taiwan being targeted.
The phishing emails contained malicious HTML attachments which prompted the recipient to input their credentials in order to view a file. This, IBM says, helped the attackers keep a low profile as they didn’t need to create phishing pages on the web that security teams could find and remove.
This is incredibly concerning news and IBM’s Security X-Force has urged companies within the COVID-19 vaccine supply chain to remain vigilant.
“IBM Security X-Force urges companies in the COVID-19 supply chain — from research of therapies, healthcare delivery to distribution of a vaccine — to be vigilant and remain on high alert during this time. Governments have already warned that foreign entities are likely to attempt to conduct cyber espionage to steal information about vaccines. Today, in conjunction with this blog, DHS CISA is issuing an alert encouraging organizations associated with the storage and transport of a vaccine to review this research and recommended best practices to remain vigilant,” the security team wrote.
IBM says it is not sure whether the phishing campaign was successful, but the fact that the crims are using Haier Biomedical’s name means it’s more likely that folks will engage with the emails without question.
As for who is behind these attacks, that’s unclear, though IBM says the methods and precision of the attacks point to nation-state activity.
IBM says that organisations in the COVID-19 supply chain should follow these recommendations:
- Create and test incident response plans
- Share and ingest threat intelligence
- Assess your third-party ecosystem
- Apply a zero-trust approach to your security strategy
- Use multi-factor authentication across your organisation
- Conduct regular email security educational training
- Use endpoint protection and response