Buzz
Since the global outbreak of COVID-19, scammers and hackers have been exploiting the concern and lack of understanding among some people, deceiving them or attempting to attack entities striving to find treatments for COVID-19. Now, as pharmaceutical companies prepare to ship vaccine doses, malicious hackers are also seeking ways to attack the complex transportation supply chain surrounding these remedies for millions of people.Two of the leading names in the race to develop COVID-19 vaccines, Pfizer and Moderna, have submitted their vaccine samples to the FDA for emergency authorization. FDA is expected to review Pfizer's vaccine sample on December 10, followed by Moderna's a week later. Regulators in the UK have already granted approval for Pfizer's vaccine on Wednesday, December 2.
If major pharmaceutical regulatory agencies urgently approve Pfizer's and Moderna's vaccines for widespread use, then the next challenge for them, or more accurately for the aforementioned pharmaceutical companies, will be how to efficiently transport the vaccines. Moderna's vaccine needs to be stored at -20°C, while Pfizer's is even more daunting, requiring storage at -70°C for maximum efficacy. To transport vaccines to various regions worldwide, Pfizer and Moderna require the assistance of experts in the cold chain transportation sector, specialized in transporting goods in stable cold environments.“This campaign began in September, meaning there are individuals seeking to capitalize on attacks on other businesses that have gone ahead to gain an advantage. This is the first time we've seen such meticulous preparation, especially concerning attacks related to the COVID-19 pandemic.”
The destructive hacking campaign targets companies and organizations working with GAVI (Global Alliance for Vaccines and Immunization), the Cold Chain Equipment Optimization Platform, also known as the Vaccine Alliance. This platform was established to standardize and optimize the entire vaccine transportation service chain under cold conditions. In a predictive aspect, this attack may not be solely aimed at profiteering; it may also serve the purpose of enabling those who hire hackers to hijack shipments of vaccines under specific conditions, thus enriching themselves at the expense of companies' efforts to stop the COVID-19 pandemic.
Among the affected entities, we can mention the European Commission's Directorate-General for Taxation and Customs Union, along with organizations empowered to review customs duties for imported goods, aiming to reduce taxes for vaccines when transported across borders of nations. Other targets include a solar panel manufacturer serving refrigerated truck units and a web developer partnered with pharmaceutical, biotech, and transportation companies.The aforementioned entities may seem unrelated at first glance, but they all have ties to the Gavi alliance and are considered part of the cold chain transportation network.How do hackers attack the vaccine supply chain?Security researchers at IBM reveal that hackers are sending emails to deceive companies, claiming that the emails are from Haier Biomedical, a Chinese company advertising themselves as the “sole comprehensive cold chain logistics service provider in the world.” These emails are sent in the form of HTML links requesting comments from partners. Clicking on these links prompts users in businesses and organizations to input data, which hackers can then exploit to infiltrate the targeted companies and organizations.
According to experts, this attack bears resemblance to previous attacks attributed to Russian hackers, targeting scientists researching COVID-19 viruses. Back in July, officials in the US, UK, and Canada raised alarms over Russian hackers deliberately disrupting COVID-19 treatment research. This summer, reports suggested Chinese hackers targeted pharmaceutical company Moderna. And this week, The Wall Street Journal reported allegations that North Korean hackers attempted to breach the systems of 9 healthcare agencies and companies, including Johnson & Johnson and AstraZeneca.In a somewhat pragmatic aspect, the race to research COVID-19 treatments isn't just against time in laboratories; it also includes sabotage to ensure competitors can't launch products first. However, what's alarming is that the vaccine delivery system, crucial for swift and accurate operations to save lives, is under surveillance by hackers.
Companies operating in the cold chain transportation sector also lack the capacity to fend off hackers compared to financial enterprises or large pharmaceutical corporations. In mid-November, a cold chain transportation company, Americold, fell victim to a ransomware attack, causing disruptions to a part of their operations. Nick Rossmann from IBM Security X-Force expressed concern, stating: “We're genuinely worried as the cold chain transportation system becomes an immensely critical infrastructure globally, individual entities involved may not be mentally and technically prepared to confront hacker disruption, and they genuinely need assistance.”According to Wired
