“We need to think about how big this attack surface is — it’s just going to get bigger and bigger,” says Nick Rossman, global threat intelligence lead at IBM Security X-Force, which has monitored coronavirus cyberattacks since the beginning of the pandemic.
He’s seen hackers evolve alongside the pandemic, most recently turning to attacks on the process that gets vaccines from manufacturers to users. His team last month reported a phishing campaign by state actors targeting companies involved in the part of the supply chain keeping vaccines at the appropriate temperatures.
“We’re seeing this continued campaign against the supply chain in particular,” Rossman said. Now hackers are scoping out “companies or organizations that may not have been investing a ton in security but are now at the forefront of the distribution,” he says.
The race to end the pandemic has enormous economic and geopolitical consequences. Nation states seeking to hurt the United State could disrupt the vaccine distribution process as a means of weakening its global standing.
Targets include hospitals.
Ransomware attacks against hospitals have steadily climbed during the pandemic. Hackers use the form of attack to take control of an organization’s system until it pays ransom.
Even if the hackers aren’t deliberately seeking to interfere with vaccine distribution, they could benefit from the pressure hospitals are under from the coronavirus.
“Pressure to get back up and running makes them more readily willing to pay up than some other targets,” says Marc Rogers, vice president of cybersecurity at Okta. He is also co-founder of the CTI League, a group of worldwide volunteer professionals working to combat cyberattacks against healthcare organizations.
U.S. cybersecurity officials are on high alert for supply chain attacks.
The Cybersecurity and Infrastructure Security Agency is monitoring changes in potential threats brought on by vaccine distribution, says Josh Corman, chief strategist for health care and covid-19 at the agency.
CISA has been watching active threats against the coronavirus response since the pandemic started. Initially, the agency focused its efforts on hackers’ early targets: top pharmaceutical companies, research organizations, and several dozen companies that supported their functions.
Now CISA is working to provide guidance about cybersecurity and physical threats to a wide range of organizations with vastly differing levels of security. Because vaccine distribution protocols vary from state to state, CISA’s playbook is always evolving with changes in those procedures, says Corman.
Both researchers and government officials are watching out for threats from nation-state actors.
The Biden administration called for the Office of the Director of National Intelligence to assess “ongoing cyber threats and foreign interference campaigns targeting COVID-19 vaccines and related public health efforts,” in a pandemic response plan released last week.
The ODNI declined to further discuss the work.
“The DNI is committed to providing the [intelligence community’s] best insights and support to policymakers and the nation on this issue,” an ODNI spokesperson said in a statement.
Cyberattacks by foreign adversaries early in the pandemic focused on espionage and the theft of research. The United States called out both China and Russia over the summer for trying to steal coronavirus research.
Those efforts will continue as vaccine makers develop new versions of their drugs. But now added to the mix are attacks against the supply chain seeking to create U.S. economic and civil instability, experts warned.
“Countries looking to destabilize other countries are going to look to disrupt that process.” says Rogers.
Bad actors could also use attacks to stir up misinformation and confusion.
The European Medicines Agency reported yesterday that a hack of documents related to the pandemic led to manipulated and out of context versions of the documents being shared “in a way which could undermine trust in vaccines.” Cyber attacks against the U.S. supply chain could have similar results, experts warned.
Any kind of attack on the supply chain could have devastating and deadly consequences.
Criminal hackers looking to make a quick buck off the latest stage of pandemic response may be sloppier than “cautious, talented” nation-state actors, says Corman. That could lead to unintentionally devastating consequences; even financially motivated attacks could result in disruptions that create economic turmoil and loss of life.
“Adversaries [like criminal hackers] may not wish to cause loss of life or a national security event, but even something like ransomware can have an incredible impact,” says Corman. He pointed to the fallout of a 2017 attack by Russia against Ukraine’s power grid that caused billions of dollars in damage to industries worldwide.
“Malicious intent is not a prerequisite to harm.”
A delay in distribution could dramatically increase the death toll from the pandemic in the United States, Corman added. More than 419,000 Americans have died of the coronavirus.
A partnership between the private sector and government could strengthen protections.
Both Corman and Rogers pointed to a need for stronger partnerships between the private sector and government in guarding against supply chain attacks.
“We’re nowhere near out of the woods,” Corman says.
The keys
The Justice Department is asking a judge to block Internet access for the woman accused of stealing Nancy Pelosi’s laptop.
DOJ is concerned that the woman, Riley June Williams, might destroy evidence, CBS Pittsburgh reported. Williams has already deleted multiple social media profiles. A witness earlier told the FBI that Williams sought to deliver Pelosi’s laptop to Russian intelligence.
More from NBC 4 report Scott MacFarlane:
Williams is accused of theft, obstruction and trespassing, as well as violent entry and disorderly conduct on Capitol grounds.
North Korean hackers are targeting security researchers, Google says.
The hackers have been operating a blog and social media accounts to boost their credibility and interact with security researchers, Google’s Threat Analysis Group said. After getting close to them on a variety of online platforms, the hackers sent their targets custom malware through a purported vulnerability research collaboration. Once installed, the “malware acted as a backdoor, contacting a remote command and control server and waiting for commands,” researchers report.
Researchers say personal information was potentially exposed on TikTok.
The vulnerability exposed users’ cellphone information, according to Check Point Security.
The vulnerability would have enabled an attacker to access a user’s profile details and phone number associated with their account, Check Point reports. It’s unclear whether any malicious actors used the vulnerability.
“The security, privacy, and safety of the TikTok community are our highest priorities,” a TikTok spokesperson said.
TikTok has faced a string of bad press for months. Citing national security concerns, the Trump administration ordered the company’s parent, China-based ByteDance, to sell the U.S. operations of the app last year; however, the battle over it is still in the courts, with the next filing in the case due Feb. 18.
Daybook
- Vice Admiral Jeffrey Trussler, the Navy’s deputy chief of naval operations for information warfare, speaks at a webinar hosted by the Intelligence and National Security Alliance at 4:30 p.m. on Wednesday.
- The House Energy and Commerce Committee holds its formal organizational meeting on Thursday at 1 p.m.
- Army Cyber Command’s leader, Lt. Gen. Stephen G. Fogarty, and other officials speak at Vanguard Canada’s C4ISR and Beyond conference on Thursday and Friday.
