Pfizer and Moderna announced promising results from their COVID-19 vaccine trials. These vaccines require a cold chain, meaning a temperature-controlled supply chain that maintains the desired temperature range throughout distribution. New research from IBM Security X-Force indicates that the cold chain is being targeted in a precision phishing campaign.
IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. Their research shows that this calculated operation started in September 2020.
The purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution, according to IBM Security X-Force.
IBM Security X-Force explained the attacks, saying:
“Spear-phishing emails were sent to select executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain. We also identified instances where this activity extended organization-wide to include help and support pages of targeted organizations.”
Nation-state activity
The COVID-19 phishing campaign spanned six countries and targeted organizations likely associated with the Gavi, The Vaccine Alliance Cold Chain Equipment Optimization Platform (CCEOP) program. Governments have already warned that foreign entities are likely to attempt cyber espionage to steal information about vaccines.
The spoofed phishing emails appear to originate from a business executive at Haier Biomedical, a Chinese company currently acting as a qualified supplier for the CCEOP program. While attribution is currently unknown, the precision of the targeting and the nature of the specific organizations targeted potentially point to nation-state activity.
IBM Security X-Force recommends that defenders:
- Create and test incident response plans to strengthen your organization’s preparedness and readiness to respond in the event of an attack.
- Share and ingest threat intelligence. Threat-sharing initiatives and partnerships are essential to staying alert about the latest threats and attack tactics impacting your industry. IBM Security X-Force has been feeding this threat intelligence into the COVID-19 threat sharing enclave. At the onset of the pandemic, IBM made this enclave freely accessible to any organization in need of more eyes on cyber threats.
- Assess your third-party ecosystem and the potential risks introduced by third-party partners. Confirm you have robust monitoring, access controls and security standards in place that third-party partners are required to abide by.
- Apply a zero-trust approach to your security strategy. As environments continue to expand, managing privileged access becomes paramount to ensuring that users are granted access only to the data that is essential to their job.
- Use Multifactor Authentication (MFA) across your organization. MFA works as a fail-safe if a malicious actor has gained access to your credentials. As a last line of defense, MFA requires a second form of verification before an account can be accessed.
- Conduct regular email security educational training so employees remain on alert about phishing tactics and are familiar with email security best practices.
- Use Endpoint Protection and Response tools to more readily detect and prevent threats from spreading across the organization.