Pharmaceutical companies and research centres developing Covid-19 vaccines are likely to be a target of cyberattacks “over the next 12 months”, security experts have warned.

News that Covid-19 vaccines from Pfizer and BioNTech and Moderna may be ready for approval in the next few months has provided a glimmer of hope for the global Covid response, but it is also attracting the attention of cybercriminals.

Last week, Microsoft warned that Russian threat actors Strontium and two actors known as Zinc and Cerium, thought to originate in North Korea, are directing cyberattacks at organisations involved in vaccine development.

In a blog post, Tom Burt, corporate vice president, customer security & trust at Microsoft, highlighted that Strontium is deploying password spray and brute force attacks in an attempt to gain access to individuals’ accounts.

Zinc is using spear-phishing attacks to try and obtain credentials, and Cerium has carried out phishing attempts using Covid-19 related emails, with instances of attackers masquerading as World Health Organization representatives.

Microsoft said that “the majority of these attacks were blocked by security protections built into our products. We’ve notified all organisations targeted, and where attacks have been successful, we’ve offered help”.

Microsoft has therefore urged world leaders to “unite around the security of our health care institutions and enforce the law against cyberattacks targeting those who endeavor to help us all”.

Covid vaccine cyberattacks “inevitable”

With cybercriminals frequently capitalising on global events, it comes as no surprise that attention has turned to the Covid-19 vaccine, with a sharp rise in Covid-related phishing and spam emails in the first half the year.

In October, pharmaceutical company Dr Reddy’s, which is due to manufacture Russia’s Sputnik-V vaccine, had to shut down operations at several of its facilities after being hit by a cyberattack.

The UK National Cyber Security Centre has also warned that threat group APT29, also known as “the Dukes” or “Cozy Bear”, has been targeting organisations involved in Covid-19 vaccine development with cyberattacks.

Jake Moore, cybersecurity specialist at ESET, warned that this type of attack will likely become more common over the next year:

Covid-19 research centres are inevitably going to be targeted by criminal groups from around the world over the next 12 months, and we clearly need to maximise the security of these facilities in order to protect the intellectual property and medical research.

“The impact of a breach of this data could not only be catastrophic but also has the potential to delay the most important vaccine in generations. Such attacks can occur in a variety of ways, but so many have a success rate when hacking the human. Social engineering and highly-targeted phishing campaigns are still relatively successful and staff need to have measures in place to resist any misfortunate clicking or downloading.

“Restricted privileges and vigilance training are still key actions required to withstand such inevitable attacks.”


Read More: Lazarus malware deployed in South Korea supply chain hack.