Image source: pakbrunei.com.pk
Just when we thought we haven’t heard from hackers in a while, they make their presence felt, and this time with COVID-19 vaccine cold supply chain disruption.
There have been efforts by numerous hackers to meddle in the process of development of the COVID-19 vaccine, but nothing substantial has been done so far. What is even more dangerous is their interference in the cold storage systems that keep the vaccine from spoiling. They are targeting the vaccines’ storage systems this time.
Recently IBM wrote about the global phishing campaign aimed at the vaccine’s cold supply chain. Since attacks like these are not new, the threat intelligence task force was put into a form that was meant to go after all such cyber attacks a while ago.
How is the phishing campaign going to harm the vaccine?
How can a cyber attack harm the vaccine is a question perplexing many. The COVID vaccine is made from mRNA (messenger RNA) encapsulated in a lipid-based nanoparticle which is sensitive to heat. Therefore, it needs to be stored at extremely cold temperatures in order to prevent it from degradation. The recently approved Pfizer-BioNTech vaccine ought to be stored at -70C.
This is required for long-term storage. Vaccines, once put in normal refrigeration, can live for up to 30 days. To keep the vaccine from spoiling during the distribution process, a cold chain was formed for the vaccine.
The cold chain supply works by monitoring the freezer boxes in which the vaccines are stored. Special refrigeration units/boxes have been designed with dry ice wall panels for the vaccines. These cold storage units send a minute-by-minute report to the control system about the temperature conditions.
Because of this, even a slight change in the temperature can be identified, and the required action can be taken at the earliest. If the unfavorable temperature conditions prevail for longer periods, vaccines could be spoilt for good. There are only a limited number of cold storage providers like these.
Hackers are targeting exactly that. The Cold Chain Equipment Optimization Platform (CCEOP) was taken on board for this. A number of organizations from various countries formed an alliance for the vaccine storage and distribution through the platform.
What have they done so far?
What alerted the threat intelligence task force was the phishing emails by an executive from Haier Biomedical. Haier Biomedical is one of the companies that are included in the vaccine alliance and are a part of the CCEOP program on a global level. The email included a link that, when opened, asked for the credentials of the recipients.
Of course, the recipients of this email were the ones who were a part of the cold supply chain network meant to contribute to storing the COVID-19 vaccines one way or another. The credentials could then provide these hackers access to the confidential information on the cold supply chain network.
The email targeted a number of organizations, including the European Commission’s Directorate-General for Taxation and Customs Union. The hackers also targeted the energy suppliers, the solar panels manufacturing companies. The motive is obvious; to disrupt the power supply for the refrigeration units. With reliable power supply being one of the logistical challenges for many countries, hackers are trying their best to exploit the situation as much as possible.
Countering these cyber attacks
IBM task force has alerted the relevant authorities. Governments of the organizations involved have also recommended the latter to review their plans and strategies.
IBM security task X force has also shown its willingness to host a COVID-19 supply chain community on its Enterprise management platform to facilitate the access of threat information.
While the perpetrators’ origins are still unknown, the IBM task force did insinuate towards a ‘nation state activity.’
With companies like Moderna working out a quick way to get these vaccines to us, there is clearly another hurdle they should pay a lot of attention to.