Indian Vaccine Makers, Oxford Lab Reportedly HackedIncidents Spotlight Growing COVID-19-Related Cyberthreats
Two Indian vaccine makers and an Oxford University lab are reportedly among the latest targets of hackers apparently seeking to steal COVID-19 research data.
See Also: 2020 User Risk Report
The Chinese state-backed hacking group APT10, also known as Stone Panda, has in recent weeks targeted the IT systems of two Indian pharmaceutical makers whose coronavirus vaccines are being used in the country's immunization program, the Reuters news service reports, citing a report from Tokyo, Japan-based cybersecurity firm Cyfirma. That company says that hackers identified gaps and vulnerabilities in the IT infrastructure and supply chain software of the pharmaceutical firm Bharat Biotech and the Serum Institute of India, or SII, one of the largest vaccine makers globally, Reuters reports.
Cyfirma says the apparent motivation behind the hackers' efforts was an attempt to exfiltrate intellectual property of the pharmaceutical firms, according to Reuters.
SII is making the AstraZeneca vaccine for many countries and will soon start bulk-manufacturing Novavax shots, the news service reports.
Cyfirma, SII and Bhara Biotech did not immediately respond to Information Security Media Group's requests for comment.
Oxford Lab Hack
Meanwhile, last week, Forbes reported that U.K.-based Oxford University's Division of Structural Biology – known as Strubi - had been hacked, with equipment used to prepare biochemical samples targeted.
While not directly involved in the development of the Oxford University-AstraZeneca vaccine, which falls under other parts of the university, Strubi’s scientists have been heavily involved in researching how Covid-19 cells work and how to stop them from causing harm, Forbes reports.
Oxford University confirmed the incident to Forbes, and the National Cyber Security Center, a branch of British intelligence agency Government Communications Headquarters, is investigating the breach, Forbes reports.
Oxford University did not immediately respond to ISMG's request for comment.
Connected Device Risks
Stanley Mierzwa, director of the Center for Cybersecurity at Kean University in New Jersey, says organizations involved in COVID-19 research need to evaluate all IoT devices and equipment that connect to their networks to ensure adequate security is in place.
"More and more of these devices, including laboratory equipment, sensors and monitoring systems, may be connecting to IP-based networks. If not implemented with proper security and updated, they can introduce cyber vulnerabilities," he says.
Surge of Incidents
Several law enforcement agencies and security vendors have issued warnings about the surge of cyberattacks in the healthcare sector, including those targeting institutions involved in COVID-19 vaccine and treatment development and their supply chain.
Last month, South Korean officials warned of attempted attacks by North Korean hackers to steal COVID-19 vaccine and treatment data from pharmaceutical maker Pfizer (see: Report: South Korea Claims North Korea Tried Hacking Pfizer).
In December, the European Medicines Agency, which helps evaluate and authorize medicines and vaccines – including those for COVID-19 – acknowledged that it had been hit with a cyberattack.
The agency said the investigation revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines had been leaked on the internet.
And in the U.S., the Cybersecurity and Infrastructure Security Agency in December issued an advisory citing a report by IBM warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain (see: Phishing Campaign Targets COVID-19 'Cold Chain').
Last summer, a joint advisory issued by the U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency, the U.K.’s National Cyber Security Center and Canada’s Communications Security Establishment said the Russian-affiliated APT29 cyberespionage group - also known as Cozy Bear and The Dukes - was targeting research entities "highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines." (See: US, UK, Canada: Russian Hackers Targeting COVID-19 Research).
More to Come?
Attacks on COVID-19 researchers and the vaccine supply chain will continue to evolve, some security experts predict.
"Where valuable assets exist and change hands, these will be targeted and the attackers will look for weak spots in the supply chain before they resort to novel attack methods," says Mark Hendry, director of data protection and cybersecurity at U.K-based law firm DWF.
"The successful attacks currently seem to be mainly coming from government-backed hacking groups with the purpose of exfiltration of IP and, while these attacks have an impact, they are not yet reported to have impacted to the extent that the public have been put at serious risk of harm or vaccination effort unduly disrupted," he notes.
Hendry says some recent attacks have targeted machinery used to prepare biochemical samples, "the worrying implication being that vaccine doses being prepared may themselves become the target of tampering."
Those involved in the distribution of vaccine doses may also be targeted, he warns. "Any tampering or delays to distribution, particularly of vaccine variants requiring ultra-cool storage, could have a serious impact on the well-being of the public."
Public concern over vaccine safety could be worsened by continued successful cyberattacks, he adds. "It is, therefore, the duty of every organization in the vaccination supply chain to protect vaccine information, systems and product for the public good."