COVID-19 vaccine supply chain targeted by cyber criminals

The global supply for a COVID-19 vaccine has been targeted by cyber criminals.

IBM says it has tracked a phishing campaign aimed at the delivery cold chain used to keep vaccines at the right temperature during transportation.

This is no doubt concerning, not least because there is already a lot of uncertainty about how COVID-19 vaccines will be distributed across the globe.

However, the attack shouldn’t be a surprise, given that governments and independent cyber security experts have been warning for months that criminals would target organisations handling the pandemic response.

For example, Microsoft revealed last month that it has detected attacks on pharmaceutical companies in Canada, France, India, South Korea and the US.

The perpetrators of those attacks were Fancy Bear, a Russian-based cyber espionage group, and two North Korean groups that Microsoft has dubbed Zinc and Cerium.

In this case, IBM has traced the attacks to a series of phishing emails originating in September – although the culprits aren’t yet known.

However, IBM believes their sophisticated methods are a clue that they are state sponsored.

The messages were sent to organisations linked to the CCEOP (Cold Chain Equipment Optimisation Platform) of Gavi, the international vaccine alliance, and impersonated a business executive from a legitimate Chinese company involved in the supply chain.

The scammers’ messages contained malware, meaning that anyone who complied with the scammer’s request was at risk of compromising sensitive information, such as the infrastructure that governments intend to use to distribute vaccines.

It seems unthinkable that anyone – even cyber criminals, who are renowned for targeting just about anybody – would jeopardise the safe transit of a COVID-19 vaccine. But as we have once again learned, no organisation is off limits for criminal hackers.

The good news, which IBM has demonstrated here, is that there is extreme scrutiny on cyber security threats related to vaccine distribution, which should bolster these organisations’ chances of staying safe.

Receive unlimited GDPR legal advice with our Privacy as a Service solution