At a time when people around the world are eagerly awaiting a vaccine against the COVID-19 virus, a cyber attack would be fatal. This is precisely what puts pharmaceutical companies at focus, and makes them a very lucrative target for cyber criminals. The main motives are industrial espionage or the extortion of high ransom demands. The New York researchers named improper or completely unsecured configurations of the Remote Desktop Protocol (RDP) as a possible gateway.
Attack on the European Medicines Agency
On the night of December 10, 2020, such an attack has now occurred. Hackers perpetrated a targeted attack on the European Medicines Agency (EMA). The cyber criminals reportedly managed to access documents related to the regulatory filing for the COVID-19 vaccine developed by Pfizer and BioNTech. Fortunately, however, the damage is said to be minimal. According to the companies, the attack did not affect review deadlines, production or delivery of the vaccine. Exactly how the hackers proceeded is currently unknown. But both companies assured that no patient or other personal data fell into the hands of the hackers.
Not only pharmaceutical companies are of interest to hackers
This incident seems to have passed without serious consequences - but one would not like to imagine the impact if the hackers had stolen important and confidential information, and manipulated it or made it inaccessible. BSI President, Arne Schönbohm, has already seen pharmaceutical companies increasingly in the focus of cybercriminals in 2019. Within the same context, he highlighted that operators of national water and electricity utilities are also at risk. But why do these sectors, in particular, face higher threats? Simple - the effects of cyber attacks in those industries could lead to operational disruptions, which would have far-reaching consequences for the entire population.
The German Federal Office for Information Security (BSI), together with the Federal Office of Civil Protection and Disaster Assistance, has identified sectors that they classify as critical infrastructures, or KRITIS for short. These are systems that play an important role for society and are essential for the maintenance of important social functions. These include transport and traffic, water, energy, food, health, but also information technology and telecommunications. According to Arne Schönbohm, these sectors must place a high priority on internal IT security because of their importance to the population as a whole.
How do KRITIS organizations protect themselves?
Organizations and entities that are considered to be a critical infrastructure are given special protection. Since 2011, the national strategy for Critical Infrastructure Protection has combined all measures taken by the federal government, the states and the affected parties. Furthermore, the BSI-KRITIS-Verordnung specifies which information technology systems are important for the functioning of critical infrastructures and which organizational and technical precautions must be taken to secure these. The regulation also stipulates that all cyber incidents and cyber attacks must be reported to the BSI.
Cyber attacks on critical infrastructure worldwide
The following examples show the extent of damage possible when a cyber attack targets critical infrastructure:
- In September 2020, a cyber attack occurred at the Universitätsklinikum in Düsseldorf. For weeks, normal patient care was not possible. In some cases, patients had to be turned down or transferred to other hospitals. Doctors were unable to access X-ray images or computer monograms.
- Shortly before that, in July 2020, hackers stole customer and employee data from an energy company in Ludwigshafen. 150,000 people were affected. Particularly controversial: The attack took place in the spring and was not discovered for weeks.
- In 2017, a Saudi Arabian power plant fell victim to hackers. The aim of the attack was presumably to destroy the plant. The attack was only noticed because the malware triggered a security shutdown of the plant.
- And just before Christmas 2015, the power went out in Ukraine. More than 700,000 people were without electricity. This blackout was also caused by a cyber attack. According to media reports, the attackers managed to gain access to the system through clever social engineering. Ultimately, almost 30 substations failed, and nearly 300 cities were directly or indirectly affected.
In all likelihood, the threat from hackers will not diminish in the coming months and years - on the contrary. According to the German government, 171 successful cyber attacks on critical infrastructure facilities were recorded in the period from January to early November 2020. The year before, the figure was 121 and the year before that 62. Since these hacks have serious consequences for very many affected parties, it is important to monitor this sector particularly closely and to ensure "cyber-secure" systems.