Interpol, IBM warn COVID-19 vaccine network under threat
In the wake of Interpol's warning this week that criminals are targeting supply chains for the COVID-19 vaccine, IBM has published a report on a threat to the distribution network for the now-valuable vaccine.
On Thursday, the International Criminal Police Organization (INTERPOL) issued an orange notice regarding possible criminal activity, including fraud, theft and illegal advertising of new coronavirus and influenza vaccines.
With COVID vaccines nearing final approval from national health authorities and distribution expected to begin within weeks, there is enormous value in what is hoped will be a vaccine that wipes out the epidemic. "As governments prepare to roll out vaccines, criminal organizations are planning to infiltrate or disrupt supply chains," Interpol Secretary General Jürgen Stock said in a statement.
The statement added that some threat actors are already advertising fake vaccines. As international travel gradually resumes, it said, fake virus test kits are also likely to be produced and sold. "It is imperative that law enforcement agencies be as prepared as possible for what will be an attack of all kinds of criminal activities associated with the COVID-19 vaccine, and that is why Interpol is issuing this global warning."
While the INTERPOL statement was not specific, criminals may believe that the vaccine could be sold in less developed countries, where it will not be distributed as quickly as in Western countries that have already allocated tens of millions in advance for doses.
Or they may think that companies in the distribution network would be more vulnerable to threats of data theft or ransomware, since they need to protect their reputations and keep supplies shipping. Nation states may want intellectual property to support vaccine production efforts.
The Interpol statement did not provide a specific example of a threat, but IBM Security's X-Force threat intelligence service said this morning that one campaign has been under way since September, targeting a very narrow part of the vaccine distribution chain: the network that specializes in cold storage equipment.
The report says: "The COVID-19 phishing campaign spanned across six countries and targeted organizations potentially linked to Gavi, the Vaccine Alliance's Cold Chain Equipment Improvement Platform (CCEOP) program."
"While the consistent attribution of this campaign cannot be determined, the precise targeting of executives and key global institutions bears the potential distinguishing features of the traditional character of the nation-state."
According to IBM, someone pretending to be a business manager from Haier Biomedical, a qualified supplier in China for the CCEOP program, sent phishing emails to organizations believed to be providing material support to meet transportation needs within the COVID-19 cold chain.
The targets included the European Commission's Directorate-General for Taxes and Customs, as well as organizations working in the energy and manufacturing sectors, website creation, and software and internet security solutions.
Countries affected include Germany, Italy, South Korea, the Czech Republic, Greater Europe and Taiwan. The report said it is very likely that the adversary strategically chose to impersonate Haier Biomedical because it is claimed to be the only provider of a complete cold chain in the world.
The emails posed as requests for quotations (RFQs) related to the CCEOP program, but they contained malicious HTML attachments that open locally and require recipients to enter their credentials to view the file.
This phishing technique helps attackers avoid setting up phishing pages on the Internet that can be detected and removed by security research teams and law enforcement authorities.
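As an added example (not from IBM's report or the original article), the sketch below shows one way a mail filter could flag the delivery pattern just described: an HTML attachment that contains a password field. The function names are hypothetical, and the addresses, the `collector.example` URL and the sample message are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormScan(HTMLParser):
    """Record password inputs and remote form targets in one HTML document."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.remote_actions = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "input" and (attr.get("type") or "").lower() == "password":
            self.has_password_field = True
        elif tag == "form" and urlparse(attr.get("action") or "").scheme in ("http", "https"):
            self.remote_actions.append(attr["action"])

def scan_message(raw):
    """Return one finding per HTML attachment that asks for a password."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        text = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", errors="replace")
        scan = FormScan()
        scan.feed(text)
        if scan.has_password_field:
            findings.append({"attachment": name, "remote_actions": scan.remote_actions})
    return findings

def build_sample():
    """Constructed message: a benign PDF plus an HTML attachment with a login form."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sales@supplier.example", "buyer@recipient.example"
    msg["Subject"] = "RFQ (constructed sample)"
    msg.set_content("Please review the attached RFQ.")
    form = ('<form action="https://collector.example/submit" method="post">'
            '<input type="text" name="user"><input type="password" name="pw"></form>')
    msg.add_attachment(form.encode(), maintype="text", subtype="html", filename="RFQ.html")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()
```

The check covers static markup only; attachments that build their form with script need rendering in a sandbox before inspection.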
IBM says it is not clear whether any of the attacks have succeeded. It suspects the goal was to obtain credentials, possibly to gain unauthorized future access to corporate networks and sensitive information related to the distribution of the COVID-19 vaccine.
Moving laterally across networks and remaining there undetected would allow the attackers to conduct cyber espionage and collect confidential information from victims' environments for future operations.
The precise targeting leads IBM to suspect that a country was behind the campaign. Without a clear path to cash out, cyber criminals are unlikely to devote the time and resources to carrying out such a calculated operation with many interconnected and globally distributed targets, it says.
IBM said organizations in the vaccine supply chain should:
- Create and test incident response plans to strengthen your organization’s preparedness and readiness to respond in the event of an attack;
- Share threat intelligence;
- Assess your third-party ecosystem and assess potential risks introduced by third-party partners. Confirm you have robust monitoring, access controls and security standards in place that third-party partners need to abide by;
- Apply a zero-trust approach to your security strategy to manage privileged data access;
- Use Multifactor Authentication (MFA) across your organization as protection in case a threat actor steals passwords;
- Conduct regular email security educational trainings so employees remain on alert about phishing tactics and are familiar with email security best practices;
- Use endpoint protection and response tools to more readily detect and prevent threats from spreading across the organization.