Hackers target COVID-19 vaccine cold chain
IBM researchers have discovered that the international supply chain for COVID-19 vaccines is being targeted by hackers.
Specifically targeted is the so-called “cold chain”, which keeps vaccines at the right temperatures during transport so that they don’t degrade.
The attack takes the form of a “global phishing campaign” against organisations providing the cold chain, beginning in September 2020 and spanning across six countries. Attackers impersonated an executive from Haier Biomedical and sent emails to other organisations to “harvest credentials”
In , Claire Zaboeva, Senior Strategic Cyber Threat Analyst, IBM, said: “While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft.” She went on to say: “IBM Security X-Force urges companies in the COVID-19 supply chain — from research of therapies, healthcare delivery to distribution of a vaccine — to be vigilant and remain on high alert during this time.”
The news comes as the UK became the first country in the world the Pfizer/BioNTech vaccine for use, with 800,000 doses on their way. That vaccine is precisely the type supported by the cold chain, as it needs to be stored at -70C, highlighting the need for cyber security as the vaccine rollout begins.
Chris Ross, SVP Sales, International, Barracuda Networks, commented: “Phishing scams have surged since the outbreak of Covid-19 and the UK’s first national lockdown, with our recent data showing that spear-phishing campaigns have been disproportionately targeting schools and Universities since the start of the pandemic. However, this is the first time that a significant phishing campaign has been used on a global scale to disrupt the progress of our battle with the coronavirus – this issue must be taken extremely seriously by all afflicted targets and organisations who have anything to do with the logistics, transport or distribution of the vaccine, who may have already been breached, and do not yet know it.”
- Data platform Immuta raises US$100mn at US$1bn valuationCloud & Cybersecurity
- Tech execs present virtually at BMG live event this morningIT Procurement
- The 5 most urgent cybersecurity risksCloud & Cybersecurity
- What is Kaspersky’s cybersecurity policy for bionic devices?Cloud & Cybersecurity