IBM has reported that the organisations involved in the COVID-19 vaccinations supply chain have been targeted by calculated cyberattacks.
According to IBM’s analysis, the targeted attack began in September 2020 and spanned across six countries.
Max Heinemeyer, Director of Threat Hunting at Darktrace, commented: “2020 has seen an increase in digital supply chain attacks of this kind. Attacking the supply chain is often easier than going after the core target. This particular effort to disrupt vaccine research and development confirms that the barrier between the ‘cyber’ and ‘physical’ supply chains has all but dissolved – attacks today can start in the inbox and end up disrupting the delivery chain of a critical vaccine or service.
“A single phishing attack is easy to conduct, but executing an orchestrated spear phishing campaign against high-profile targets like this shows a lot of sophistication. The attack appears broad and sophisticated – broader than typical cybercrime campaigns that aim for quick monetisation.
“We can only speculate on the goals at this stage but information about the physical whereabouts of a vaccination that needs to be kept cold could be interesting for many nation states and could potentially disrupt the cold chain.
“The fact that this campaign has been ongoing for many months is concerning. Organisations need to get much better at detecting unusual digital activity at a far earlier stage, using cutting-edge defence technology – particularly Artificial Intelligence – across the entirety of their digital infrastructure. AI is necessary today given the sophistication and speed of the attacks that we are now witnessing across a wide-range of digital platforms and tools.”