To most of the world’s population, COVID-19 vaccines may be the most highly valued commodity today. That is not an exaggeration. While governments around the world announce vaccination campaigns in a phased manner, with timelines to vaccinate the entire population — President Joe Biden has set a deadline of May 2021 for vaccinating all adults — people grow more anxious each day. In February, the UN announced that more than 130 countries don’t have a single COVID-19 vaccine, while 10 countries have already dispersed 75% of all vaccines. That is a stark indicator of the rich-poor nation divide. Naturally, there is competition among nations to produce vaccines, with some nations practicing “vaccine diplomacy” or using it for regional dominance among “friendly nations.” Vaccine producers are working overtime to produce enough vaccine doses to fulfill government commitments and timelines. While pharmaceutical companies stepped up their production schedules to develop and test vaccines, adversaries tracked the news and devised campaigns to leverage the momentum generated by news coverage. They capitalize on the fear and uncertainty of people to spread misinformation and to plan attack vectors. The result: phishing campaigns with vaccine themes; malware attacks for exfiltration of sensitive and personal information and clinical trial data. Fake websites are purporting to offer (miss) information about vaccine distribution. There are attacks on supply chains and networks of pharma companies too.
By Team CISO MAG
Attacks on Pharma Companies Not New
Attacks on pharma companies occurred even before the pandemic. The attacks increased in the early months of the pandemic.
Yihao Lim, Principal Intelligence Advisor (Asia Pacific), FireEye, told CISO MAG that his company researchers have been closely monitoring attacks on pharma companies and industry institutions.
“This is not new. Since last year, we saw activities directed towards pharmaceutical companies. Not everyone is doing a vaccine, and sometimes it is not specifically to steal vaccine data. Sometimes it is just to understand what is going on in these companies and to find out if there is any new research,” said Lim.
Rohan Vaidya, Regional Director of Sales – India, CyberArk, says Indian pharma companies were attacked much before the pandemic set in. He takes us back to the beginning of 2019 when many Indian pharma companies were applying for FDA licenses for manufacturing, and then exporting drugs to the U.S. The FDA mandated certain policies for these companies to protect their intellectual property and infrastructure.
“We had conversations with these companies at that time and we realized that there was a constant attack vector that was actually happening. All conversations pointed to the fact that there have been certain incidences which they were working on and fixing. They were consulting companies and figuring out which (security) solution to buy,” said Vaidya.
Vaidya confirms that the scale of attacks on pharma companies started increasing even before the pandemic…To read the full story, subscribe to CISO MAG.
This story first appeared in the April 2021 issue of CISO MAG.