Threat players accessed Pfizer vaccine documentation submitted to EU regulators in the latest cyber-attack trying to profit off pandemic suffering.
Criminals have not given up on stealing COVID-19 vaccine data. Yet another cyber-attack has been launched. This time, threat players were able to break into the European Medicines Agency (EMA) server & access documentation about the vaccine candidate from Pfizer & BioNTech.
Global Desperation
The breach is just another in a series of particularly nasty efforts by malicious players to capitalise on the global desperation & suffering as COVID-19 spreads & death tolls mount.
The EMA, Pfizer & BioNTech have acknowledged the attack, but are not releasing any details while the matter is investigated.
“EMA has been the subject of a cyber-attack,” the agency’s brief statement read. “The Agency has swiftly launched a full investigation, in close co-operation with law enforcement & other relevant entities.” It added that details “will be made available in due course.”
Secure
Pfizer & BioNTech, the companies behind a proposed vaccine called BNT162b2 (authorised for emergency use in the UK & elsewhere), also released a statement, adding that the 2 companies’ systems remain secure, including personal data collected from patient trials.
“Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber-attack & that some documents relating to the regulatory submission for Pfizer & BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed,”
Breached
The Pfizer-BioNTech statement commented. “It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident & we are unaware that any study participants have been identified through the data being accessed.”
Critically, all parties assured the breach will not slow down the EMA’s review of the vaccine for distribution.
COVID-19 Vaccines Under Attack
What is also unlikely to be slowed is the ongoing barrage of attacks aimed at every aspect of the vaccine’s lifecycle, from development to clinical trials & distribution.
The rise of the COVID-19 pandemic was almost immediately irresistible to scammers of all stripes. In March, the World Health Organisation was targeted by a malicious site attempting to steal staffer credentials.
In May the FBI & CISA had to release a statement warning about Chinese nation-state-backed attacks on a wide number of the healthcare sector researching COVID-19 treatments & therapies.
Prime Targets
“Health care, pharmaceutical, & research sectors working on COVID-19 response should all be aware they are the prime targets of this activity & take the necessary steps to protect their systems,” the May 13 FBI & US CISA joint statement commented.
2 months later, in July, the US Department of Homeland Security (DHS) issued a joint alert with the US National Cyber Security Center, & Canada’s Communications Security Establishment to warn about cyber-criminal gang APT29, also known as Cozy Bear, which were targeting research & academic institutions working on a COVID-19 vaccine.
Stealing Information
“Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the US & UK, highly likely with the intention of stealing information & intellectual property relating to the development & testing of COVID-19 vaccines,” the report observed.
In late July, the US Justice Dept. accused China of spying on Moderna in an effort to “conduct reconnaissance” on the company’s vaccine research.
3rd-party vendors were also easy targets. Medical software supplier E-Research Technology provides platforms for pharmaceutical companies to conduct clinical trials & was the target of a ransomware attack in early that forced researchers back to slow & tedious pen & paper data tracking.
Manufacturing Stage
When the development of a vaccine got to the manufacturing stage, malicious players kept up their efforts to capitalise on it.
Vaccine manufacturer Dr. Reddy’s Laboratories, which was contracted to manufacture the Sputnik V COVID-19 vaccine for the Russian Govt., had to shut down factories in India, Russia, the UK & the U.S. after a cyber-attack in mid-Oct.
Cold Supply-Chain Attacks
By early Dec., criminals moved their focus to the limited number of companies which could distribute the vaccine at the required super cold temperatures. Gavi, the Vaccine Alliance group aimed at rallying “cold chain” companies for vaccine distribution, was attacked in Sept.
Recently, phishing emails were sent impersonating an executive of Haier Biomedical, one of the sole end-to-end cold supply chain providers, in an attempt to steal credentials. The attack was found by IBM.
Dark Web
On Dec. 7, Europol, the European Union’s law enforcement agency issued a warning about the rise of illicit COVID-19 vaccine activity on the Dark Web, including the sale of counterfeit vaccines.
“The detection of a fake influenza vaccine confirms that criminals seize opportunities as soon as they present themselves,” the Europol warning read. “Owing to the pandemic, the demand for the influenza vaccine has been higher than usual & their risks being a shortage.
Criminals have reacted quickly by producing counterfeit influenza vaccines. The same scenario is also likely to happen when COVID-19 vaccines do become available.”
Operation Warp Speed
CISA issued guidance to ‘Operation Warp Speed’, the US Govt’s designated COVID-19 vaccine development & distribution oversight group, about the need for cyber-security vigilance around the vaccine’s supply chain.
“IBM X-Force has released a report on malicious cyber-actors targeting the COVID-19 cold chain—an integral part of delivering & storing a vaccine at safe temperatures,” the CISA statement stated.
Phishing & Spearphishing E-mails
“Impersonating a biomedical company, cyber-actors are sending phishing & spearphishing emails to executives & global organisations involved in vaccine storage & transport to harvest account credentials.
The emails have been posed as requests for quotations for participation in a vaccine program.”
This latest attack against the EMA is just another reminder of just how valuable COVID-19 vaccine data is to the world, & the criminals who would gladly steal it & sell it back to us for a profit.
https://www.cybernewsgroup.co.uk/virtual-conference-january-2021/