In response to news of a ransomware attack on eResearch Technologies, a company whose clinical trials software is widely used in clinical trials, including in AstraZeneca’s Covid-19 vaccine trial and in Bristol Myers Squibb in a multi-company initiative to develop rapid COVID-19 testing, experts offer perspective.
We don’t know how the ransomware attack happened – if it was caused by phishing, no surprise. There\’s been an intense upscale in attacks. Anything connected to sensitive data for COVID-19 is definitely under threat by foreign nation state actors or foriegn competing companies looking to find usable information. Or it could be an individual attacker or a group of attackers trying to collect money. Attackers understand this has exceptional worth because the companies are very well positioned financially, and that clinical trials make a quick payoff very advantageous. This attack is disturbing – if associated with any medical company or connected with test data, it’s important for all involved to be held accountable for security, and constantly practice testing employees against phishing attacks. This is something that could make a positive impact in a very dark time so psyops could be involved.
Ransomware attacks are not slowing down, and the recent attack on eResearch Technology, shows that no organization is safe – no matter what field they\’re in. While the attack didn\’t directly affect people involved in the clinical trials to develop a vaccine against Covid 19, the damage done may slow down research towards a vaccine, which potentially hurts all of us. Including the attackers.
There are tools such as behavioral analytics that can help organizations identify and mitigate these attacks, but it is time for law enforcement agencies across the world to step up their efforts against these international criminals. Security practitioners can do our part to secure our environments, but we don\’t have the ability, or the authority, to stop these attacks at their source. Only the international law enforcement community can do that.