Cybercriminals are Now Targeting COVID Vaccine Distribution

At least two COVID-19 vaccines may soon be ready for global distribution.

This is good news for just about everyone — especially essential workers and medical professionals who are first in line for a vaccination. However, there are signs that some criminals are looking to take advantage of the good news.

Cybercriminals have taken advantage of the COVID chaos since the beginning of the pandemic. Now, weeks ahead of the first stage of vaccine distribution, IBM security researchers have uncovered a large-scale plot to target the “cold chain” that will bring the vaccine from manufacturers to healthcare providers.

On December 3, 2020, IBM researchers announced that they had uncovered a “global phishing scheme” aimed at the COVID-19 vaccine cold chain.

According to a press release from the research team, the phishing campaign spanned more than six countries and targeted organizations associated with Gavi, a public-private health partnership involved in the distribution of COVID-19 vaccines. The researchers are part of an IBM threat intelligence task force formed at the onset of the pandemic in order to track threats against the vaccine supply chain.

While the IBM research team was able to identify how the attack was carried out, the researchers were unable to determine whether it was successful — and what kind of access or credentials the hackers may still have.

The motive for the attack also wasn’t clear. The researchers speculated that the hackers might be after information related to the transport of the vaccine. This information could be a valuable commodity, both on the black market or when passed on to a national government.

The attacks aren’t the first time hackers have coordinated to probe supply chain security during the pandemic. In June, the same IBM task force announced the discovery of a similar phishing scheme that targeted a global PPE supply chain. In a press release, the researchers wrote that the hackers, who were potentially state actors, likely intended to profit off of the supply chain — or support the “acquisition activities of [a] host nation.”

The attack on the cold chain is the most recent in a number of schemes that hackers have launched during the pandemic.

In the early days of lockdowns, hackers took advantage of the chaos to launch new phishing attacks.

The shift to working from home, for example, created a variety of security risks — risks that hackers were eager to take advantage of. Fear and misinformation around COVID-19 also prompted new attacks. By summer 2020, security researchers had reported phishing schemes of all kinds, with hackers sometimes impersonating contact tracers or offering information on non-existent testing services.

Even major organizations are at risk. Over the year, there was a major rise in ransomware attacks on hospitals. This led to fears that hackers could compromise systems that were critical in keeping hospitals running as they faced a wave of COVID cases in the fall.

The attack on the cold chain, however, is likely the most sophisticated cyberattack that researchers have uncovered during the pandemic so far.

Hackers may likely continue trying to take advantage of the COVID vaccine distribution process. Information about distribution could be extraordinarily valuable to both private and state actors. Without the right precautions, companies involved in the vaccine cold chain could be vulnerable to phishing schemes and other attacks — potentially threatening distribution.

It’s likely that smaller-scale attacks will continue to be a serious problem as well. There’s no sign that hackers are slowing down their attacks on small businesses and individuals. As the pandemic winds down, vigilance and cybersecurity knowledge will remain important.