Cybersecurity experts warn of hackers trying to infiltrate vital vaccine supply chain
This story has been updated to include new information from IBM released on Friday, Dec. 4, 2020.
A day after revealing that hackers were targeting companies in the supply chain for delivering COVID-19 vaccines, the IBM Security X-Force released more details on possible motives for the attacks and additional warnings.
Although the group did not have firsthand information about the reasons for the hacking attempts, they suggested that one motive could be corporate espionage. This could include criminals trying to obtain critical intelligence on the vaccine itself or about closely held information on transport and distribution mechanisms for the vaccine.
Another motive could be for hackers to undermine public trust in a vaccine; they could also share misinformation.
The IBM security team members also warned that it's not just the supply chain that could be hacked; targets could also include airplane and cargo transport companies. They also said that individuals within those companies, and even members of the general public, could be vulnerable to cyberattack.
IBM officials cautioned that once the vaccine is available, cyber criminals could send phishing emails to just about anyone, claiming to have information about how to get a vaccine. Those bogus emails could contain malicious links designed to steal personal information from the public.
The Friday morning webinar included presentations from IBM’s senior strategic cyber threat analyst Claire Zaboeva, global lead for threat intelligence Nick Rossman and program director for security content marketing David Moulton.
On Thursday, the cyber teams at IBM and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued a dire warning. They said that hackers are threatening what may be the most critical industries in the world right now: the companies in charge of delivering COVID-19 vaccines.
In this case, it’s called the “cold chain” because the early vaccines have to be kept at very low temperatures, and everything has to be tracked along the way.
The whole chain is a complex one, from manufacturing plants to freezer trucks and planes to cold storage at medical sites, and ultimately into people’s arms around the world.
It is not clear what the hackers are after, but there's plenty at stake in this essential cold chain.
The phishing emails start innocently enough, saying, “Good morning! Hope you are doing well.” The messages pretend to come from an executive at a global refrigeration company, asking for information.
If the email recipient clicked and typed in a username and password, the bad guys would get those login credentials.
Chris Painter, the former top cyber diplomat for the United States, warned, “You could use those credentials to get deeper into a computer system, to get to more sensitive areas. Essentially your credentials could be like the keys to the kingdom. Once you’re inside you could do a lot.”
For instance, criminals could steal the vaccine formula or pilfer the product and sell it on the side, or hold up delivery and demand ransom.
Also, Prashant Yadav, a fellow at the Center for Global Development, said that “if the hackers work for governments with vaccine supplies, they could also learn product delivery schedules and prices, and offer to sell their vaccines earlier, or cheaper.”
Yadav further noted that while pharmaceutical firms may have cyber defenses in place, delivery and logistics companies often do not.
“Smaller cargo operators, smaller airport clearing agents, those are the groups who have not equipped themselves with the kinds of measures that are needed to mitigate these risks,” he said.
If one spot in the vaccine chain is compromised, it could risk the whole delivery system, because everything is connected and monitored by GPS and digital apps.
“We are increasingly connecting these types of systems to networks so that we can remotely manage them. But any time you add software to something, you add vulnerability,” said Beau Woods, a consultant with a grassroots digital security group called I Am The Cavalry.
Today’s warning from IBM and CISA said the hacking targets are outside the U.S., though an American cold chain company said two weeks ago that its network was attacked.