IBM’s cybersecurity division X-Force has discovered that a string of cyberattacks has been launched targeting the companies and government organizations distributing COVID-19 vaccines.
The Department of Homeland Security (DHS) says the attacks are centered on the vaccine distribution network’s “cold chain,” a key component in delivering the vaccine at safe temperatures.
Who’s behind this?
In the New York Times’ coverage of the story, experts expressed doubt that the attacks came from China, which had already been implicated in attempts to steal vaccine information from universities, hospitals, and medical researchers.
If China is out, the next most likely candidates are Russia and North Korea. Microsoft security engineers had earlier found that hackers from both countries attacked COVID-19 vaccine makers, apparently hoping to disrupt the vaccine’s path.
IBM X-Force researchers concluded that the adversary is likely intimately familiar with the critical components and participants of the cold chain. Likely targets in that chain range from solar panel manufacturers to the petrochemical manufacturers that produce dry ice, a key element of the cold chain.
Homeland Security says the attackers’ M.O. is to impersonate a biomedical company and send phishing emails to corporate executives and global organizations involved in vaccine storage and transport. The emails are framed as requests for quotations to take part in a vaccine program, but their real purpose is to harvest the recipients’ account credentials.
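The lure just described is a spear-phishing pattern that mail-filtering and SOC teams can screen for. The script below is an added example, not code from the article or from IBM X-Force’s report: it applies four generic phishing heuristics (a Reply-To domain that differs from the sending domain, quotation wording in the subject, links that lead outside the sender’s domain, and text asking the reader to log in) to two constructed messages. Every address, domain and message in it is invented for the example and is not an indicator from the campaign.

```python
"""
Added example, not part of the original article or of IBM X-Force's report:
a small triage check for the lure described above, in which an attacker poses
as a biomedical company and sends "request for quotation" emails to harvest
account credentials.

The heuristics are generic phishing checks chosen for illustration. Every
address, domain and message below is constructed for the example (the
.example TLD is reserved for documentation); none is a campaign indicator.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

QUOTE_WORDS = ("request for quotation", "rfq", "quotation", "tender")
LOGIN_WORDS = ("log in", "login", "sign in", "password", "verify your account")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an email address ('' if none)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def same_org(host: str, domain: str) -> bool:
    """True when host is the domain itself or a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def analyze(raw: str) -> dict:
    """Score one plain-text RFC 822 message; returns the flags raised and a 0-4 score."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    subject = msg.get("Subject", "").lower()
    body = msg.get_payload()  # sample messages are single-part plain text
    text = subject + "\n" + body.lower()

    flags = []
    # 1. Replies are steered to a domain other than the one the mail claims to come from.
    if reply_addr and domain_of(reply_addr) != from_dom:
        flags.append("reply_to_domain_mismatch")
    # 2. The lure itself: a request for quotation or tender.
    if any(w in subject for w in QUOTE_WORDS):
        flags.append("quotation_lure")
    # 3. Links lead somewhere other than the sender's own domain.
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    if any(not same_org(h, from_dom) for h in hosts):
        flags.append("link_outside_sender_domain")
    # 4. The recipient is asked to authenticate: the credential-harvest step.
    if any(w in text for w in LOGIN_WORDS):
        flags.append("asks_for_login")
    return {"from_domain": from_dom, "score": len(flags), "flags": flags}


# Constructed sample: an impersonation lure of the kind described in the article.
PHISH = """\
From: "Biomed Procurement Office" <procurement@biomed.example>
Reply-To: quotes@biomed-portal.example
To: ceo@coldchain-logistics.example
Subject: Request for Quotation - vaccine cold chain program

Dear Partner,

Please review the attached RFQ and sign in to our supplier portal to submit
your quotation: http://biomed-portal.example/supplier/login

Regards,
Procurement Office
"""

# Constructed sample: routine mail from the same supplier that should not be flagged.
BENIGN = """\
From: "Biomed Procurement Office" <procurement@biomed.example>
To: sales@coldchain-logistics.example
Subject: Delivery schedule for next week

Hi, the updated schedule is on our site: https://www.biomed.example/schedule
Thanks.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, analyze(raw))
```

On the constructed lure all four checks fire (score 4); the routine message from the same sender scores 0, because its only link stays under the sending domain and nothing in it asks the reader to authenticate. In practice the Reply-To and link-domain checks are the ones worth alerting on, since a quotation request by itself is normal business mail for the suppliers the article describes.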
What is it they want?
Knowing exactly what the attackers want is difficult. They may be after the technology used to move large quantities of vaccine over long distances at the very low temperatures it requires; if so, this is ordinary intellectual property theft.
However, the Times reports that some cybersecurity experts suspect something more sinister. They think the main goal may be to interfere with vaccine distribution, or to deploy ransomware and effectively hold the vaccines hostage, releasing the distribution network only once a ransom is paid. One analyst said the ransomware theory is solid.
“There is no intelligence advantage in spying on a refrigerator,” James Lewis, who runs the cybersecurity programs at the Center for Strategic and International Studies in Washington, told the Times. “My suspicion is that they are setting up for a ransomware play. But we won’t know how these stolen credentials will be used until after the vaccine distribution begins.”
The U.S. appears safe…for now
IBM disclosed that many of the targets are in Asia and Europe but has not, to date, named any U.S. companies or organizations. The most prominent target on its list was the European Commission’s Directorate-General for Taxation and Customs Union, which has “direct ties to multiple national government networks.”
IBM also named a South Korean software development firm and a German website development company that supports clients potentially involved in the cold chain, including pharmaceutical manufacturers, container transport companies, communications networks, and manufacturers of electrical components used in sea, land, and air navigation.