Over the last year, cybercriminals adjusted their attack tactics with new developments with the COVID-19 pandemic. With attention now on developing and distributing the vaccine for the novel coronavirus, attackers have shifted their focus to target the vaccine supply chain.
The Biden Administration’s COVID-19 response strategy calls for an assessment of “ongoing cyberthreats and foreign interference campaigns targeting COVID-19 vaccines and related public health efforts.” Attackers—especially state-sponsored actors—have already attempted to steal information related to vaccine research. The United States Cybersecurity and Infrastructure Security Agency warned members of Operation Warp Speed—organizations involved in developing the vaccine and handling the distribution logistics—to be alert late last year after an IBM X-Force report that actors impersonating a biomedical firm were sending phishing and spearphishing emails to harvest account credentials.
"The U.S. government will take steps to address cyberthreats to the fight against COVID-19, including cyberattacks on COVID-19 research, vaccination efforts, the healthcare systems and the public health infrastructure," the White House wrote in the strategy document.
New research from Recorded Future found that attackers recently expanded their focus from vaccine makers and research to include companies in the wider vaccine supply chain. State actors from China and Russia used information campaigns against the organizations involved with the vaccine to “gain business and economic advantage over competitors.”
“Threat actors have targeted the healthcare and vaccine “ecosystems” with a variety of tactics aimed at financial exploitation, intelligence gathering, and destruction,” Recorded Future’s Insikt Group wrote in the report.
Cold storage companies have been targeted by ransomware attacks and phishing campaigns and organizations involved in clinical trials, such as Indian pharmaceutical company Dr. Reddy’s Laboratories, have been hit with ransomware.
The attackers have used a variety of tactics, including phishing, ransomware, low-level scams, and business email compromise, to target the vaccine ecosystem. In some cases, it appears cybercriminals are hoping to make money by threatening to delay the roll-out, using methods such as ransomware. Both criminal and state-sponsored actors may target patient data of people who have been vaccinated, tested, or those who participated in vaccine trials. Some scams harvest victim health and financial information by offering “early access” to the vaccine, or by selling fake vaccines.
There may also be further information operations to discredit vaccines as “dangerous” or “ineffective” and continue the narrative that vaccines are being used to “track” individuals to further sow distrust, Recorded Future’s Insikt Group wrote in the report. In light of these threats, the risk assessment for the supply chain is necessary. The new director of national intelligence is tasked with leading the risk assessment. The director is expected to have a role in protecting biotechnology infrastructure from attacks and intellectual property theft. The Senate approved Avril Haines—who served as a principal deputy national security adviser to President Obama from 2015 to 2017 and deputy director of the Central Intelligence Agency from 2013 to 2015— as national intelligence director last Wednesday. Haines has spoken in the past about improving coordination between organizations who has been talking about improving coordination between the private and public sector and heightening organizations’ cybersecurity postures.
“The United States faces what is fundamentally an asymmetric threat in cyberspace and we're struggling to address it in order to protect the value that the cyber domain represents in our society," Haines said in a keynote address to the Student Symposium in Cybersecurity at Tufts University back in March. "Despite having the most powerful military in the world, less powerful actors can attack us at a relatively low cost and do so without triggering a conventional response or escalation, which would otherwise serve as a deterrent to subjects.”