Hackers Target COVID-19 Vaccine Supply Chain Just as World Begins Vaccinations
Each day brings us a little closer to the approval and distribution of COVID-19 vaccines in the United States. According to Health and Human Services Secretary Alex M. Azar II, officials with Operation Warp Speed (OWS) report that 20 million doses of the COVID-19 vaccine could be distributed this month.
”We are planning to be ready when [an emergency-use authorization by the Food and Drug Administration] is approved; and when the EUA decision comes [through], distribution to the American people becomes immediate within 24 hours. That’s our goal. That’s what we’re striving for,” said OWS Chief Operating Officer GEN Gustave F. Perna.
Citizens of the United Kingdom are set to receive shots of a vaccine created by Pfizer and the German company BioNTech as early as this week. They are the first Western country to issue approval for emergency use. Other countries, such as Indonesia, will soon begin vaccinations as well. Indonesia just received its first shipment of 1.2 million doses from China’s Sinovac Biotech Ltd.
While arrival of these vaccines is cause for celebration, it is also an especially critical moment for those working to create and distribute the vaccines. A key component of vaccine distribution is the cold chain, which keeps vaccines within recommended temperature ranges from the point of manufacture to the point of administration.
This week, IBM warned a global spear-phishing campaign is targeting the COVID-19 cold chain. Organizations targeted were likely associated with Gavi (the Global Alliance for Vaccines and Immunisation), a global vaccine alliance that brings together public and private sectors with the shared goal of creating equal access to new and underused vaccines for children living in the world’s poorest countries.
Attack targets spanned six countries and included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation, and software and internet security solutions sectors. Nefarious actors sent emails posing as a biomedical company to executives in order to harvest credentials for wider network access.
While it is currently unknown who is behind the attacks, the IBM report says that “the precision targeting and nature of the specifically targeted organizations potentially point to nation-state activity.”
In response to this news, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is encouraging organizations involved in OWS and with vaccine storage and transportation to review the IBM report for more information, including indicators of compromise. In addition, CISA has provided tips on avoiding social engineering and phishing attacks.