
Keeping The COVID-19 Supply Chain Secure

By Ronan Kirby | February 16, 2021 | Updated: February 14, 2023

Reports that COVID-19 vaccines are transported under armed guard in Europe emphasise how supply chains are increasingly targeted by criminals. In January 2021, it was reported that the mafia was targeting vaccine distribution in Italy, for example.

Evidence has also emerged of sophisticated global phishing campaigns orchestrated by nation-state actors to target organisations working on the “cold chain” – the logistics network that allows the vaccine to be distributed to the front line while remaining at low temperatures. IBM says it has evidence that individuals working for organisations involved in the vaccine’s global supply chain have been sent emails containing malicious links. The aim is to insinuate malware into systems, an approach that is both cheap and easy. State-sponsored groups use it to spend several months snooping around inside the system, conducting espionage attacks. Other cybercriminal organisations are more likely to encrypt systems with ransomware, looking to secure big pay-outs in return for unlocking a system.

There has been a steady progression in the activities of cybercriminals as the COVID-19 crisis has unfolded. When a vaccine was desperately being sought, they aimed their phishing emails at the research institutions, turning to pharmaceutical companies as the development cycle moved to trials and production. Now the focus has shifted to transport and logistics.

The health sector has been in the cross-hairs of cybercriminals for years because of the sensitivity of its data, but these threats to the vaccine supply chain re-emphasise the need for organisations to renew their security.

It seems obvious that employees should be more vigilant, but it is worth reminding everyone that the 2020 Verizon Data Breach Investigations Report found that 22 per cent of breaches involved phishing, which is the chief delivery method for ransomware.

In a medical crisis the chances of a phishing attack succeeding are much greater as email traffic increases hugely. Overworked staff right along the supply chain have to answer requests for data and updates from around the globe. Some emails will be from familiar contacts and others from high-profile organisations they have only just started dealing with. Cybercriminals can use details from public sources to craft highly convincing messages that purport to be from a known contact or a health organisation, tricking staff into clicking on a malicious link.

Because of this rising tide of phishing, it is worth re-educating staff on what to watch out for in malicious emails. A moment’s checking can spare an organisation from a devastating attack which may go undetected for weeks or months.

The human element in security is only the first step, however. The health and pharmaceutical supply chains must start using multi-factor authentication for access privileges and automate their anti-phishing security if they are to remain secure throughout what is likely to be a prolonged vaccine roll-out over many months in different areas of the globe. Multi-factor authentication makes it significantly harder for cybercriminals to use a phished password or credential-stuffing attack to penetrate security.

Email security automation, on the other hand, reduces the chances of an employee inadvertently triggering a ransomware download from an email. It employs AI to establish baselines in activity from which it can spot irregularities, analysing business relationships and frequency of communication. The solution scans for what is unusual in message content and compares it with the trusted profiles it has established. In this way it can flag when an attack is likely, alerting the security team before disaster strikes. Since it is powered by AI, it is capable of learning from how a security team responds to alerts to become more accurate while also freeing up the time of IT employees. There are fewer calls on them to judge the safety of an email or its attachment.
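The baseline idea described above (known business relationships, frequency of communication, deviations flagged for the security team) can be illustrated with a simplified rule-based sketch. This is an added example, not code from the article or from any product; it uses fixed rules rather than AI, and the addresses, display names and the 0.9 similarity threshold are constructed assumptions.

```python
from collections import Counter
from difflib import SequenceMatcher

# Constructed mail history (sender address, display name); all values are illustrative.
HISTORY = (
    [("anna.rossi@coldchain-logistics.example", "Anna Rossi")] * 5
    + [("j.meyer@pharma-partner.example", "Jan Meyer")] * 4
)

def domain_of(addr):
    return addr.lower().rsplit("@", 1)[-1]

def build_baseline(history):
    """Per-sender message counts plus the addresses each display name has used."""
    freq = Counter(addr.lower() for addr, _ in history)
    names = {}
    for addr, name in history:
        names.setdefault(name.lower(), set()).add(addr.lower())
    return freq, names

def score_message(addr, name, has_link, freq, names, similarity=0.9):
    """Return the list of reasons a message deviates from the baseline."""
    addr = addr.lower()
    reasons = []
    if freq[addr] == 0:  # Counter returns 0 for unseen senders
        reasons.append("first-time sender")
    known = names.get(name.lower())
    if known and addr not in known:
        reasons.append("known display name, unknown address")
    trusted = sorted({domain_of(a) for a in freq})
    dom = domain_of(addr)
    if dom not in trusted:
        for t in trusted:
            # Near-identical but not equal domain: likely typosquat of a partner.
            if SequenceMatcher(None, dom, t).ratio() >= similarity:
                reasons.append(f"lookalike of trusted domain {t}")
                break
    if has_link and reasons:
        reasons.append("link from unverified sender")
    return reasons

if __name__ == "__main__":
    freq, names = build_baseline(HISTORY)
    for msg in [
        ("anna.rossi@coldchain-logistics.example", "Anna Rossi", True),
        ("anna.rossi@coldchain-logistlcs.example", "Anna Rossi", True),
        ("info@new-supplier.example", "New Supplier", False),
    ]:
        print(msg[0], "->", score_message(*msg, freq, names) or "matches baseline")
```

A genuinely new partner trips only the first-time-sender rule, while the lookalike address stacks several reasons, which is the kind of ranking that lets a security team triage alerts.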

All the component organisations within the vaccine supply chain should also reassess their posture on backup and disaster recovery. They need to ensure they have a genuinely multi-layered approach that includes frequent testing so they can be certain that critical data will be restored in the event of an attack.

A certain lack of awareness about SaaS backup also needs to be addressed. Healthcare organisations and their IT leaders need to understand that commonly used platforms like Google Workspace do not guarantee full restoration of lost data if there is a problem, whether through an honest mistake or a malicious act. Responsibility lies with the IT department to fill in any data protection gaps by implementing robust backup and recovery solutions, even for SaaS applications. Because backup has become a target in recent ransomware attacks, healthcare organisations should look for solutions that detect ransomware through the use of AI and follow the 3-2-1 rule. This is the policy of having three copies of the data on two different types of media, with one copy off-site.

It may be very sobering to contemplate that nation-state hackers and cybercriminals are actively targeting a vaccine supply chain designed to save millions of lives. Yet this is all the more reason to renew security right along the supply chain so that the menace of phishing and ransomware campaigns is defeated.

Ronan Kirby

President & General Manager EMEA at Kaseya

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
