Europol Warns of COVID-19 Vaccine Crime GangsLatest Warning About Online Fraudsters, Supply Chain Threats
As the time for distribution of COVID-19 vaccines comes closer, law enforcement agencies across the world are warning of organized crime threats, including schemes to sell counterfeit vaccine on the dark web, as well as physical and virtual attacks targeting supply chain companies.
Europol, the European Union's law enforcement agency, on Friday issued an alert warning that organized crime gangs have "reacted swiftly to adapt its methods and product offerings to the COVID-19 pandemic."
When a COVID-19 vaccine becomes available, it will likely not be available for sale online, Europol notes. "However, fraudulent pharmaceutical products advertised as allegedly treating or preventing COVID-19 are already on sale, both offline and online," the Europol warning notes. Criminals may spread disinformation about vaccines to defraud individuals and companies, the alert adds.
"Some dark web markets feature advertisements for fake COVID-19 vaccines. The number of offers is limited at this stage but will likely increase once a legitimate vaccine becomes available," Europol notes. "Criminals advertise their fake vaccines using the brands of genuine pharmaceutical companies that are already in the final stages of testing."
Meanwhile, genuine COVID-19 vaccines will be highly valuable commodities and their supply chains - storage, transportation and delivery - will be at risk of being targeted by criminals seeking to obtain these pharmaceutical products, Europol warns.
"Organized crime groups might target transit containing COVID-19 vaccines for hijacking and theft. Transport associations are preparing for the large-scale logistical effort of transporting and distributing the vaccines taking into consideration security risks."
The alert from Europol follows a similar notification issued last week by international law enforcement agency Interpol that also warned of a potential surge in organized crime activity tied to COVID-19 vaccines (see: Interpol: Organized Crime to Capitalize on COVID-19 Vaccines).
And in the U.S., the Cybersecurity Infrastructure and Security Agency last week also issued an advisory citing a new report by IBM warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain (see: Phishing Campaign Targets COVID-19 'Cold Chain').
Many vaccines in development - including coronavirus vaccines - must be kept at low temperatures before being administered.
IBM says a spear-phishing campaign, which started in September, spans six countries and targets organizations and agencies that support the Cold Chain Equipment Optimization Platform program. That program was launched in 2015 by the United Nations Children's Fund and other partners to distribute vaccines.
The COVID-19 "cold chain" phishing campaign aims to harvest account credentials, IBM reports.
Targeted phishing attacks during the COVID-19 crisis continue to be the easiest way for attackers to circumvent traditional security, and "gaining access to credentials is a highly effective way of continuing attacks," says Chris Morales, head of security analytics at security vendor Vectra.
"Knowing about threats targeting an organization and stopping it are two different things. The attackers only need to succeed once in this scenario.
"We have already had insight into targeted attacks into the COVID vaccine supply chain. These were attacks that did bypass the perimeter but did not lead to a breach of data as they detected and stopped them first," he adds.
Mark Kedgley, chief technology officer at security vendor New Net Technologies notes that the intellectual property relating to mass-market pharmaceuticals has always had tremendous value to cybercriminals but says COVID-19 vaccine-related hacks are "a significant prize" for a cybercriminals and nation-states.
"Phishing is still a key vector in any hacking or advanced persistent threat attack - so all staff need to be extra vigilant, but it's an added reminder at a corporate level of the need to stringently operate all security controls, including system hardening, network segregation and disciplined change control," he notes.
Average times for breach detection are still routinely up around 160 days, while an attack is typically successful within hours or days. So, real-time breach detection in the age of COVID-19 "is more important than ever," he says.
"Encryption of data wherever possible and secure, segregated backups of data are sensible precautions to mitigate the damage from data theft or a ransomware attack," he adds.
Other Supply Chain Threats
Meanwhile, as threats to COVID-19 vaccines and their supply chains grow in the near term, emerging threats targeting other segments of the healthcare sector supply chain also need to be assessed carefully, some experts note.
For instance, a study released last week - Cyberbiosecurity: Remote DNA Injection Threat in Synthetic Biology - by security researchers at Ben-Gurion University of the Negev in Israel identified potential "remote DNA injection" attacks by so-called biohackers that exploit several vulnerabilities in the software stack used to develop synthetic DNA (see: Sizing Up Synthetic DNA Hacking Risks).
A remote DNA injection attack could potentially trick a victim - such as a bioengineer - who is using synthetic DNA from a supplier "into producing a dangerous substance in the victim's lab, without the victim's knowledge or physical interaction between the attacker and the lab components," the report says.
But, while potential attacks on the synthetic DNA supply chain are a concern for the emerging bioengineering segment of the healthcare sector, such attacks described in the Ben-Gurion research are "extremely advanced," Vishwas Gadgil, director of IT risk management and security at pharmaceutical firm Merck, tells Information Security Media Group.
Such attacks "would take an enormous amount of resources and, without a nation-state's backing, any mass-scale attacks are not possible, at least with today's technology," he says, noting that his comments are his own "personal opinion" and not Merck's statement.
"While it's theoretically possible to achieve what the [research] describes, there are many implicit assumptions for each and every step [of the described attack] and for all these to materialize without any sort of detection is very naive," he says. "At least in the U.S., medical procedures have multiple checks and balances, and I am hoping that those will work."