COVID-19 Vaccine and Cyber Espionage

In less than a year after the first Covid-19 death was reported from China, the first clinically approved vaccine by Pfizer-BioNtech was administered to Margaret Keenan in the United Kingdom (UK) on December 8, 2020. The Pfizer-BioNtech vaccine, a messenger Ribonucleic Acid (mRNA) vaccine, is the fastest ever vaccine developed.

Subsequently, a handful of other vaccines have also been rolled out, including by Oxford-AstraZeneca in the UK, Moderna in the US, Sinovac and Sinopharm in China, Bharat Biotech in India, and Sputnik V and Epivaccorona in Russia.

Even as the world celebrates the success of the roll-out of these vaccines, some of the companies involved in vaccine development and distribution had to face disruptions due to cyber threats.

Cyberattacks on vaccine information

In July 2020, the US Justice Department accused two Chinese nationals of spying on Moderna, involved in Covid-related medical research, in a bid to steal its data.1

In October 2020, the pharmaceutical company, Dr. Reddy’s Lab, was the victim of a cyber-attack. After a data breach was reported in its servers, the company had to shut down its plants and isolate its data centres across the world, to contain the attack. The company centre in India is the contractor for Russia’s ‘Sputinik V’ Covid-19 vaccine.2 According to a report, after the data breach, the company’s stocks had gone down by around three percent. 3

In November 2020, state-sponsored hackers from China, Russia, Iran and North Korea attempted to steal valuable vaccine secrets, by targeting British drug maker AstraZeneca.4 The hackers approached AstraZeneca staff with fabricated job descriptions laced with malicious codes.5

In December 2020, IBM reported that the vaccine supply chain linked to Gavi, the international vaccine alliance which helps distribute vaccines around the world, was targeted by cyber-espionage. The logistics network used to keep the vaccines at the right temperature during transportation, was targeted with malicious codes, via phishing emails.6 While the identity of the attackers was not apparent, the sophistication of their methods indicated a nation state, according to IBM.

According to Microsoft’s Corporate Vice-President for Customer Security and Trust, Tom Burt, cyberattacks on prominent vaccine research companies in Canada, France, India, South Korea and the US were detected in recent months, by actors originating from Russia and North Korea, who used password spray — a method that uses thousands or millions of rapid attempts to hack into email accounts and brute force login attempts to steal login credentials.7

Phishing campaigns, in general, have risen ‘dramatically’ since January 2020, according to the cyber security company, FireEye.8 Such phishing campaigns have risen due to the increased need for information on Covid-related topics and the subsequent rise in the number of websites that provide such information. Inimical actors specifically created websites with the intention to spread misinformation and malware.

Some hackers used ‘socially-engineered’ coronavirus-themed phishing emails ‘crafted’ with interesting facts on Covid-19, health and lifestyle advice, and information on vaccine development. Such sites contained malicious files which impersonated official websites to ask for bitcoin donations to fund fake vaccines.9

According to a report, the top malware threats at the beginning of the pandemic included Emotet (an advanced Trojan that uses multiple evasion techniques to avoid detection) which was distributed as a coronavirus-themed messages in Japan, and Lokibot, which targeted users in Indonesia.10 As per an Interpol assessment, from January to April 2020, nearly 50,000 malicious URLs related to Covid-19 were detected.11

Stakeholder responses

Given the rise in cyber-crimes during the pandemic, various stakeholders have been urging caution on the part of the public and organisations involved in developing and distributing the vaccine. Microsoft, for instance, stated that the majority of attacks on organisations that use its security protections, were detected or prevented.12 Facebook has been working with fact-checking organisations and has set aside funds for reviewing and rating content related to the Covid-19 vaccine.13

Interpol has convened a Global Malicious Domain Taskforce to mitigate the impact of the use of such tactics. Its Cybercrime Directorate has been working with member countries, private sector partners and cybersecurity communities on the prevention, detection and investigation of Covid-19 related cybercrime.14

Government organisations like the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security, Britain’s National Cyber Security Centre (NCSC), as well as global organisations like IBM, have encouraged organisations involved in vaccine storage and transport to remain vigilant and proactive in the fight against vaccine cyber-attacks.15

Many health care-related organisations have joined the Paris Call for Trust and Security in Cyberspace. The Paris Call, issued in 2018, is the largest multi-stakeholder coalition to address issues in the cyberspace that threaten critical infrastructure.16

The Oxford Process, a group of the world’s most prominent international law experts, has affirmed that organisations that research, manufacture and distribute Covid-19 vaccines are a part of a States’ critical infrastructure and were protected against cyber threats by international law at all times.17

Conclusion

The Covid-19 pandemic has been exploited by various cyber criminals, to mount attacks on healthcare institutions, as well as organisations involved in vaccine research and distribution. The attacks have caused operational disruptions (like in the case of the Gavi cold chain network) and economic losses (like in the case of Dr. Reddy’s Labs). With the global rollout of vaccines underway, the task ahead is not only to tackle the huge logistical challenges of producing, shipping and administering the vaccine but to detect and prevent cyberattacks that could hamper the process. A robust technology infrastructure, strong partnerships between government organisations and vaccine companies, proper incident response plans, use of multifactor authentication across organisations, awareness on phishing campaigns and increased support from cybersecurity experts and companies, can no doubt help in the efficient distribution of vaccines.

Views expressed are of the author and do not necessarily reflect the views of the Manohar Parrikar IDSA or of the Government of India.

Keywords: Cyberspace, COVID-19, Cyber Weapons