Cyber-attacks detected against vaccine distribution operations

IBM's cybersecurity division said it has detected a series of cyber-attacks against companies and government organizations involved in distributing coronavirus vaccines around the world, although it is unclear whether the goal is to steal the technology for keeping vaccines refrigerated during transport or to sabotage the shipments.

The findings are alarming enough that the Department of Homeland Security planned to issue its own warning on Thursday to Operation Warp Speed, the Trump administration's effort to develop and distribute coronavirus vaccines, federal officials said.

Both IBM's researchers and the department's Cybersecurity and Infrastructure Security Agency say the attacks appear aimed at stealing the network credentials of corporate executives and officials at global organizations involved in the refrigeration process required to protect vaccine doses, which the industry calls the cold chain.

Josh Corman, the cybersecurity agency's coronavirus strategist, said in a statement that the IBM report is a reminder of the "need for cybersecurity care at every step of the vaccine supply chain". He urged "organizations involved in the storage and transport of vaccines to harden their attack surfaces, especially in cold storage operations."

"The attackers worked to gain access to vaccine distribution, storage, refrigeration and transportation," said Nick Rossmann, who leads IBM's global threat research team. "We think whoever is behind this wanted to understand the whole cold chain process."

Several of the approaches came in the form of "spear phishing" emails that purported to come from the CEO of Haier Biomedical, a large Chinese company that is a legitimate player in the distribution chain. The emails say, "We want to place an order with your company," and carry an attachment laced with malware that gives the attackers access to the recipient's network.
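The lure just described combines three signals a mail-triage rule can check cheaply: a display name that claims a known supplier while the sender domain is not one that supplier uses, an order or quotation request in the body, and an attachment of a type that can carry a payload. The script below is an added example, not code from the IBM report or from any organization named in the article; the supplier list, domains, sample messages and attachment names are all constructed for illustration.

```python
"""Added example: header/body/attachment triage for an order-request lure.
All organisations, domains and messages below are constructed; nothing here
is taken from the IBM findings or from the companies named in the article."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed allow-list: suppliers the recipient deals with, mapped to the
# sender domains they are known to use. Hypothetical domains.
KNOWN_ORGS = {
    "haier biomedical": {"haierbiomedical.example"},
    "gavi": {"gavi.example"},
}

# Attachment extensions that commonly carry macro, script or HTML-form payloads.
RISKY_EXT = (".exe", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".iso", ".html", ".htm")

# Phrases typical of procurement-themed lures.
LURE_PHRASES = ("place an order", "request for quotation", "price list")


def triage(raw: str) -> list:
    """Return a list of findings for one RFC 5322 message; an empty list means no flag."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display-name impersonation: the name claims a known supplier but the
    #    address domain is not one that supplier uses.
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    name = display.lower()
    for org, domains in KNOWN_ORGS.items():
        if org in name and domain not in domains:
            findings.append(f"display name claims {org!r} but sender domain is {domain!r}")

    # 2. Procurement lure wording in the body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body is not None else ""
    if any(p in text for p in LURE_PHRASES):
        findings.append("order/quotation lure phrase in body")

    # 3. Attachment types that can carry a payload.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append(f"risky attachment {fname!r}")

    return findings


def build_sample(from_hdr: str, subject: str, body: str, attachment_name: str = None) -> str:
    """Construct a raw message for the demo (constructed input, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "procurement@coldchain-vendor.example"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


# Constructed samples: one lure shaped like the one in the article, one benign mail.
PHISH_SAMPLE = build_sample(
    "Haier Biomedical CEO <ceo@haier-biomedical-orders.example>",
    "Order request",
    "We want to place an order with your company. Please review the attached draft.",
    "draft_contract.docm",
)
LEGIT_SAMPLE = build_sample(
    "Haier Biomedical Sales <sales@haierbiomedical.example>",
    "Updated catalogue",
    "Attached is the updated catalogue for ULT freezers.",
    "catalogue.pdf",
)

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, triage(sample))
```

The three checks are deliberately independent so a single finding is only a hint; escalate when the impersonation check fires together with a lure phrase or a risky attachment, and feed the sender domain into whatever SPF/DMARC verdict your gateway already records.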

Researchers at IBM Security X-Force, the company's cybersecurity division, said the attacks were sophisticated enough to point to a government-backed operation rather than purely financially motivated crime. But they could not identify which country might be behind them.

Outside experts say that China, which has been accused of trying to steal vaccine information from universities, hospitals and medical researchers, is an unlikely suspect here, because Chinese hackers would be unlikely to impersonate the executives of a major Chinese company.

If they are right, the leading suspects would be hackers in Russia and North Korea, both of which the United States has also accused of stealing information about the process of making and distributing vaccines. It is sometimes difficult to distinguish between official hacking operations by the Russian or North Korean governments and those seeking private gain.

The motive is also unclear. The attackers may simply be trying to steal the technology for moving large quantities of vaccine over long distances at extremely low temperatures, which would be a classic form of intellectual property theft.

However, some cybersecurity experts say they suspect something more sinister: an effort to interfere with distribution, or ransomware, in which the vaccines are essentially held hostage by hackers who have entered the systems running the distribution network and shut them down, demanding a large payment.

“There's no intelligence advantage in spying on the fridge,” said James Lewis, who runs the cybersecurity programs at the Center for Strategic and International Studies in Washington. “My suspicion is that they are preparing for a ransomware play. But we will only know how the stolen credentials get used after we start distributing the vaccines.”

IBM's researchers described their findings in an interview before the company released them. According to them, the attackers sent various requests for price and product information, purportedly on behalf of Gavi, the Vaccine Alliance, a public-private partnership that helps developing countries with vaccinations.

Many of the targets were in Asia, but some were European, including the European Commission's Directorate-General for Taxation and Customs Union. IBM noted that the organization is "directly connected to several national government networks," which suggests the attackers have a sophisticated understanding of how to identify targets whose networks reach into many nations.

Other organizations were targeted as well, from Taiwan and South Korea to Germany and Italy. Some were involved in solar-powered refrigeration systems for vaccines.

The attackers' emails were addressed to companies that provide key elements of the cold chain process, including ice-lined refrigerators and the solar panels that can power refrigeration units, an important feature in poor countries with unreliable electricity.

The researchers said the effort was apparently aimed at stealing credentials that could ultimately give the attackers access to a wealth of information, including schedules for distributing vaccines, lists of vaccine recipients, and delivery locations for doses.

IBM was unable to determine whether the attacks were successful, the company said. The researchers said the attackers targeted a Gavi program launched in 2015, before the coronavirus appeared, to upgrade cold chain equipment for vaccines in dozens of countries.

UNICEF, which plans to transport vaccines to poorer countries, appears to have been another target. Najwa Mekki, a spokesperson for the organization, said IBM researchers had alerted officials to the threat to the cold chain system and that UNICEF had "informed our supply networks and warned affected teams of the need to increase vigilance."

So far, there is no indication that the attackers targeted Pfizer or Moderna, whose vaccines are expected to be the first approved for emergency use in the United States. A Pfizer spokesman said on Wednesday that the company's cold storage equipment was designed by security-conscious professionals and was custom-built to meet the special requirements of Pfizer's vaccine, which must be stored at extremely cold temperatures.