Author: Brian Barrett
Wired
Two of the leading Covid-19 vaccine candidates, by Pfizer and Moderna, have been submitted to the FDA for emergency authorization; the agency is scheduled to evaluate Pfizer’s application on December 10, and Moderna’s one week later. UK regulators approved Pfizer’s vaccine on Wednesday. Which means that the next challenge for both vaccines is transporting them. They must be kept at frigid temperatures—minus 4 degrees Fahrenheit for Moderna, and 94 degrees below for Pfizer—requiring a network of specialists known as the “cold chain.” Today, security researchers at IBM are releasing findings that a campaign has for months targeted a significant number of those companies, across six different countries.
“This activity took place in September, which means that someone’s looking to get ahead, looking to be where they need to be at the critical moment,” says Claire Zaboeva, senior cyber threat analyst with IBM Security X-Force. “It’s the first time we’ve seen that level of pre-positioning within the context of the pandemic.”
The attackers sent emails purporting to be from Haier Biomedical, a Chinese company that advertises itself as “the world’s only complete cold chain provider,” under the guise of routine requests for quotations. The emails contained HTML attachments that asked the recipient to enter their credentials, which the hackers could then harvest to infiltrate the targeted company.
In a way, the attacks are simply an evolution of what Covid-19 researchers have already been facing for months. In July, officials from the US, UK, and Canada called out Russian hackers for zeroing in on vaccine development. China has also been implicated in an attempt against Moderna this summer. Just this week, The Wall Street Journal reported that apparent North Korean hackers attempted to break into nine health organizations, including pharmaceutical giants Johnson & Johnson and AstraZeneca.
The sustained cyberassault against companies and organizations working on Covid-19 research and vaccines is unsurprising, given the stakes. While not unexpected, that shift in focus to the cold chain is cause for particular concern, given the delicate and urgent nature of vaccine deployment.
“As we shift towards distributing a vaccine for Covid-19, the logistics of this operation will become extremely critical,” says John Hultquist, senior director of analysis at Mandiant Threat Intelligence. “Seemingly mundane security issues could have major repercussions to such a complex and important effort.”
“Gavi has strong policies and processes in place to prevent such phishing attacks and hacking attempts,” a Gavi spokesperson said in a statement. “We are working closely with our partners on security awareness to continue to strengthen these best practices.”
None of the attempts IBM spotted were against US-based companies. Still, in response to the IBM report, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert warning organizations associated with the Operation Warp Speed vaccine initiative in the US to look out for similar attacks. “Today’s report highlights the importance of cybersecurity diligence at each step in the vaccine supply chain,” CISA chief strategist for health care Josh Corman said in a statement. “CISA encourages all organizations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation, and remain vigilant against all activity in this space.”
The logistics around the cold chain are hard enough to get right as it is. That hackers might further complicate things—or could be in a position to upend them—is a distressing possibility as the US and the rest of the world enter a critical phase of the pandemic.