As COVID-19 vaccine approvals and eventual distribution kicks into high gear, there has been a corresponding – and not particularly surprising – increase in cyber threat activity targeting both vaccine producers and other companies involved in the vaccine distribution chain. Most notably, “cold chain” companies responsible for safely storing and transporting the vaccines have been targeted. The problem has become so severe that both the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently issued a joint security alert on December 3, 2020 highlighting the risk to the coronavirus vaccine distribution chain.
The alert from the FBI and CISA follows on the heels of an international security alert issued by Interpol warning that there may be an onslaught of all types of criminal activity linked to the COVID-19 vaccine by organized criminal . On December 2, 2020, Interpol issued an “Orange Notice” outlining potential criminal activity against COVID-19 cold chain transporters and highlighting the risks associated with online fraud linked to “advertising, selling and administering fake vaccines.” Interpol warned that, as COVID-19 vaccines get closer to approval and distribution, it will be critical to “ensure the safety of the supply chain and identifying illicit websites and fake products.” Interpol also advised member nations to warn the public about cyber threats associated with websites purporting to offer information about vaccines. Notably, Interpol found that, after reviewing over 3,000 websites of online pharmacies suspected of selling illicit medicines and medical devices, “around 1,700 contained cyber threats, especially phishing and spamming malware.”
The threat alert released by the FBI and CISA included information provided by the IBM Security X-Force threat intelligence task force, which is dedicated to monitoring COVID-19 cyber threats. For example, the IBM intelligence report highlighted a recent global phishing campaign targeting organizations associated with the COVID-19 vaccine distribution chain, which targeted many leading COVID-19 vaccine producers. As part of this campaign, cyber threat actors sent spear-phishing emails directly to executives involved in sales, procurement, IT, and finance positions at pharmaceutical companies involved in developing vaccines. In addition, the cyber threat actors sent phishing emails in “Requests for Quotations” to COVID-19 vaccine executives throughout the world. The emails contained malicious HTML attachments in order to conduct “credential harvesting” attacks and steal login and passwords for many of the victim’s accounts.
The IBM security intelligence report recommends the following defenses to help combat cyber threats against the COVID-19 distribution chain:
- Create and test incident response plans
- Share and ingest threat intelligence
- Assess your third party ecosystem and assess potential risks
- Apply a zero-trust approach to your security strategy
- Use multifactor authentication (MFA) across your organization
- Conduct regular email security educational training
- Use Endpoint Protection and Response
Given the proliferation of cyber-attacks against vaccine producers and the COVID-19 vaccine distribution chain, organizations involved in vaccine development or distribution should carefully review and study the recent threat alert from the FBI and CISA. Finally, in these turbulent times, it is critical that everyone remain vigilant of the threats surrounding the entire COVID-19 vaccine distribution chain.