Corona" has been a popular subject for phishing campaigns since the beginning of the pandemic. Since the first pharmaceutical companies reported their success in producing a vaccine, the phishers simply adapted the subject lines of the phishing emails to the current status quo. Now they carry out their criminal social engineering with the hang-up "vaccinations" or "vaccination dates".
Direct attacks on vaccine manufacturers
In addition to these newly labelled phishing attacks, the number of direct attacks on vaccine manufacturers is also on the rise:
- In mid-November, a high-ranking Microsoft executive reported on a company blog about cyberattacks on seven well-known vaccine manufacturers in Canada, France, India, South Korea and the US. A hacker group from Russia and two from North Korea were named as the perpetrators of the attacks. All three groups are said to be linked to state agencies.
- In October, the US cybersecurity company Crowdstrike reported attacks on Japanese vaccine laboratories. Here, the attacks are said to have come from China.
- Already in July, intelligence agencies of the USA, Canada and England had blamed Russian hackers for attacks on organisations involved in the development of Corona vaccines in a joint statement. According to the UK's National Cyber Security Centre (NCSC), the hacker group "Cozy Bear" was targeting the "theft of valuable intellectual property", which the NCSC said was "almost certainly" operating as part of Russian intelligence.
- At the end of November last year, developers at the British-Swedish vaccine manufacturer AstraZeneca received fake emails with lucrative job offers, peppered with digital attack tools that the hackers used to gain access to the corporation's computers. Anonymous sources suspect they originated in North Korea.
- Last October, the branches of the Indian vaccine manufacturer Dr. Reddy's in no less than five countries fell victim to a large-scale cyber attack. This time, Russian state hackers were probably not involved: Dr. Reddy's was entrusted with tests for the Russian Corona vaccine Sputnik 5.
BSI: Cybercriminals exploit general uncertainty
The German Federal Office for Information Security (BSI) and the French security agency ANSSI also noted in a joint report on the cyber security situation in both countries that cyber criminals have reacted flexibly to the Corona pandemic and are deliberately exploiting the general uncertainty among companies and the population. The healthcare sector in both countries faces the great challenge of combating the pandemic and at the same time effectively arming itself against possible cyber attacks. This is because clinics, vaccine manufacturers and their supply chains are increasingly the focus of cyber criminals, he said. "Failures in these areas can have devastating consequences that we cannot afford, especially in the midst of a pandemic," the BSI said. For this reason, the Federal Office is also in intensive talks with the German government about protecting the logistics chains for vaccines, it said.
Supply chains and cooling systems targeted
Because after widespread attempts to spy on research results, hackers are increasingly targeting these supply chains (in this case, the cold chains) as well: they are trying to disrupt supply chains, shut down cold storage facilities or penetrate supply systems. An example from Israel shows that IoT systems in particular are quite vulnerable here: there, hackers tried to drastically increase the chlorine content of public drinking water. Imagine if the hackers had direct access to vaccine production and changed the respective proportions of the active ingredients. Even small changes to the formula could significantly affect the effectiveness. This could well end in a health catastrophe.
In addition to production, storage and the rather complex logistics also represent possible points of attack. Attackers could target the corresponding temperature control systems and manipulate the storage temperature, which would greatly reduce the effectiveness of the vaccines. Logistics also offer enormous attack surfaces, for example for a ransomware attack on the scheduling software, which could lead to delays in delivery and influence the schedule for the distribution of the vaccines. In addition, storage areas could become inaccessible and transport routes could fail.
Offers of fake vaccines on the Darknet
Offers of vaccines have also multiplied on the darknet, where vaccine doses of the Biontec/Pfizer vaccine have been offered for 250 euros per dose. Europol also observed a massive 400 per cent increase in advertisements for Covid-19 vaccines. Prices also rose sharply again in January to between 400 and 1,000 euros per dose. In addition, single doses are no longer sold alone, but packages with several vaccine doses.
Risk of targeted attacks remains high
Accordingly, the BSI assesses the threat level of German pharmaceutical companies and vaccine manufacturers as high as well. BSI President Schönbohm told Deutsche Welle: "There is still a risk of targeted attacks against research institutions. Companies must also do their part, for example by making adequate investments in information security."
Companies can take some measures that offer immediate protection:
- Awareness training to protect against phishing.
- Secure data in the cloud
- Use secure VPN connections
- Secure the browser
- Protect data on all devices
- Multifactor authentication
Surely many of your employees are also interested in an imminent vaccination appointment. So they may be even quicker to open an email that suggests it contains up-to-date information on the subject. For this reason, Perseus recommends that all companies sensitise their employees to the issue as quickly as possible through appropriate training, e.g. with simulated phishing attacks. Please do not hesitate to contact us!