Malicious actors targeting COVID-19 vaccine cold chain, new IBM report says

According to a new report by IBM Security X-Force, malicious cyber actors are targeting the COVID-19 cold chain, an integral part of delivering and storing a vaccine at safe temperatures.

Cyber attackers, posing as officials from biomedical companies, are sending phishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails sent by these malicious actors are posed as requests for quotations for participation in a vaccine program.

The Cybersecurity and Infrastructure Security Agency (CISA) is urging Operation Warp Speed (OWS) organizations and those involved in vaccine storage and transport to review the report, titled Attackers, Are Targeting the COVID-19 Vaccine Cold Chain. IBM’s X-Force Exchange is the company’s cybersecurity branch — a cloud-based threat intelligence platform that allows customers to consume, share, and act on threat intelligence.

In a blog post on the site, Security Intelligence, IBM security officials Claire Zaboeva and Melissa Frydrych said they believe this phishing operation started in September and has spanned across six countries. It has targeted organizations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program. They said the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft.

The security officials said the hackers impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the COVID-19 vaccine supply chain. The likely purpose was to harvest credentials in an attempt to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.

“The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation and software and internet security solutions sectors. These are global organizations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan,” the IBM security officials wrote.

IBM Security X-Force joins CISA in urging companies in the COVID-19 supply chain to be high alert.

“IBM Security X-Force stands ready to host the COVID-19 supply chain community on our Enterprise Intelligence Management platform, where they can share threat information and take action on the latest threat intelligence,” Zaboeva and Frydrych wrote.

Companies can increase their readiness in several ways, the experts explained, such as:

• Creating and testing incident response plans;
• Sharing and ingesting threat intelligence;
• Assessing the organization’s third-party ecosystem and potential risks introduced by third-party partners;
• Applying a zero-trust approach to security;
• Using Multifactor Authentication (MFA) throughout the organization;
• Conducting regular email security educational trainings, so employees remain; and
• Using Endpoint Protection and Response tools to better detect and prevent threats from spreading across the organization.

Organizations that require immediate assistance with incident response can contact IBM Security X-Force at 1-888-241-9812 in the United States.