Under normal conditions, network security is one of the most critical points of success or failure for businesses. Faced with a global pandemic and the potential loss of further life, however, the danger takes on a new dimension. We are living in a world in which the key logistic chains – and the seamless exchange of information they require – can be severed with immediate and devastating consequences.
Recently, IBM’s threat intelligence task force – which advises private and public organisations on cybersecurity – reported that cyber attackers had targeted the cold supply chain required to deliver Covid-19 vaccines. According to the report, the attack was likely backed by a nation state, and involved an attempt to disrupt or steal information about the process used to keep vaccines refrigerated during transit from factories to medical centres.
A disruption of the production-to-distribution pipeline could result in a loss of vaccines, as each vaccine has to be carefully stored and preserved – Pfizer and BioNTech’s vaccine must be kept between minus 70C and minus 80C – and its information recorded so that each link in the logistic chain has a full account of its history.
According to the report, the hackers targeted organisations associated with a cold chain platform run by the Gavi vaccine alliance, which is a public-private partnership that develops immunisation for poorer countries.
How the attack was carried out
This is the highest-profile incident of vaccine espionage we’ve seen yet. Interestingly, however, there were no brute force tactics involved. In fact, the strategy used was as old as email: phishing. The attackers posed as an executive of a Chinese supplier of ultra-cold refrigeration, and used this pretext to mount a phishing campaign in an attempt to obtain usernames and passwords.
The aim, according to Nick Rossmann, IBM’s global lead for threat intelligence, was to disrupt the vaccine delivery process or steal intellectual property. It could be argued that the consequence of one of these aims – the theft of vaccine information as intellectual property – is far less severe than the other. One may save additional lives, whilst the other costs them. Undoubtedly, disruption is the scariest outcome. The perception of vaccines is already precarious. If vaccines were seen to have been interfered with or tampered with, additional resistance to and suspicion around vaccines would inevitably follow.
In IBM’s report, Nick Rossmann underlined the importance of treating the supply chain as “a new type of global critical infrastructure” to help secure vaccines. Claire Zaboeva, the senior strategic cyber threat analyst at IBM, meanwhile warned that such an attack may be the “tip of the iceberg” in a larger global campaign, as hackers attempt to find vulnerabilities in network security and use isolated companies and governments as ingresses to undermine the chain.
Implications: a time of vigilance
The IBM report highlights the sophistication of the attack. This wasn’t random. It was coordinated and researched, with deliberate intention. For network managers – or for anyone in charge of safeguarding critical logistical infrastructure – now’s the time for extra vigilance. In a world confronted by the same threat, it can be easy to assume we’re all in it together. This attack, however, as well as the history of our species, suggests otherwise. Where there is an opportunity, opportunists will emerge.
In this instance, the campaign spanned six countries, and the IBM researchers do not know whether the attackers were successful or not. There’s no doubt we’re currently sailing through rough seas – and it is in these times that additional vigilance is required on behalf of network managers. Attacks will come from different vectors, as attackers survey network and organisational infrastructure for weaknesses. These could be within the network itself, contained within data, or created through espionage, subterfuge or the age-old nemesis to network security: user error. The stakes are now only higher due to the power of the information and what the consequences of any disruption could mean.