A spate of cyberattacks is underway targeting businesses and government organizations that will distribute coronavirus vaccines around the world, IBM’s cybersecurity division has found, although it is not clear whether the goal is to steal the technology that keeps vaccines refrigerated in transit or to sabotage their movement.
The results are alarming enough that the Department of Homeland Security is considering issuing its own warning Thursday to Operation Warp Speed, the Trump administration’s effort to develop and distribute coronavirus vaccines, federal officials said.
Researchers from IBM and the department’s Cybersecurity and Infrastructure Security Agency said the attacks appear intended to steal the network credentials of business executives and heads of global organizations involved in the refrigeration process needed to protect vaccine doses, or what the industry calls the cold chain.
Josh Corman, coronavirus strategist at the cybersecurity agency, said in a statement that IBM’s report reiterated the need for “cybersecurity due diligence at every stage of the vaccine supply chain.” He urged organizations “involved in the storage and transport of vaccines to harden attack surfaces, particularly in cold storage operations.”
Cyber attackers “were working to gain access to how the vaccine is shipped, stored, kept cold and delivered,” said Nick Rossmann, who heads IBM’s global threat intelligence team. “We think whoever is behind this wanted to be able to understand the whole process of the cold chain.”
Most of the approaches have taken the form of “spear phishing” emails that impersonate an executive of a large Chinese company, Haier Biomedical, which is a legitimate participant in the distribution chain. The email says “we want to place an order with your company” and includes a draft contract that carries malware which, if opened, would give the attackers access to the recipient’s network.
Researchers from IBM Security X-Force, the company’s cybersecurity arm, said they believed the attacks were sophisticated enough to point to a government-sponsored initiative, and not a rogue criminal operation targeting only a monetary gain. But they couldn’t identify which country might be behind them.
Outside experts said they doubted China, which has been accused of attempting to steal vaccine information from universities, hospitals and medical researchers, was responsible, as it would be unusual for Chinese hackers to pass themselves off as executives of a large Chinese company.
If they are right, the main suspects would be hackers in Russia and North Korea, who have also been accused by the United States of carrying out attacks to steal information about the process of manufacturing and distributing vaccines. It is sometimes difficult to tell the difference between official hacking operations of the Russian or North Korean governments and those carried out for private purposes.
The motive is not clear either. Attackers may simply seek to steal the technology to move large quantities of vaccine over long distances at extremely low temperatures, which would be a classic form of intellectual property theft.
But some cybersecurity experts say they suspect something more nefarious: efforts to interfere with distribution, or ransomware, in which vaccines are essentially held hostage by hackers who have broken into the system that runs the distribution network and locked it – and who demand a large payment to unlock it.
“There is no intelligence advantage to spying on a refrigerator,” said James Lewis, who heads cybersecurity programs at the Center for Strategic and International Studies in Washington. “I suspect they are preparing for a ransomware game. But we will not know how these stolen credentials will be used until the vaccine distribution begins.”
IBM researchers reported on their efforts in an interview before the company released its findings. They said the attackers had sent out various requests for pricing and product information, some allegedly on behalf of Gavi, the Vaccine Alliance, a public-private partnership that helps deliver vaccines to developing countries.
Most of the targets were in Asia, but some were European, including the European Commission’s Directorate-General for Taxation and Customs Union. IBM noted that the organization has “direct links to several national government networks,” showing that attackers had a sophisticated understanding of how to identify targets that could bring them into many countries.
But other organizations have also been targeted, from Taiwan and South Korea to Germany and Italy. Some have been involved in solar-powered cooling systems for the vaccine.
The attackers’ emails were addressed to companies that provide key components of the cold chain process. These include ice-cold boxes for vaccines and solar panels that can power refrigerated vaccine containers – an important feature in poor countries where electricity can be scarce.
The researchers said the effort appeared to be aimed at stealing credentials that could ultimately have led the attackers to a wealth of information, including vaccine distribution schedules, vaccine recipient lists and where doses are shipped.
IBM could not determine whether the attacks were successful, the company said. Researchers said attackers targeted a Gavi program launched in 2015, before the advent of the coronavirus, to improve cold chain equipment for vaccines in dozens of countries.
UNICEF, which plans to deliver vaccines to the poorest countries, appears to have been another target. Najwa Mekki, spokesperson for the organization, said IBM researchers had alerted officials to the threat to the cold chain system, and “we have informed our supply networks and alerted teams concerned about the need to increase vigilance.”
There is no indication to date that the attackers were targeting Pfizer or Moderna, whose vaccines are expected to be the first approved for emergency use in the United States. A spokeswoman for Pfizer said on Wednesday that the company’s cold storage equipment was designed by safety-conscious experts and custom built to meet the specific requirements of Pfizer’s vaccine, which is to be stored at extremely cold temperatures.