Grappling with COVID-Themed Cyber Attacks: Pharmaceutical Sector

Grappling with COVID-Themed Cyber Attacks: Pharmaceutical Sector

December 30, 2020
Green Alert
Last Update posted on
February 3, 2024
Don't let your brand be used to trap users through fake URLs and phishing pages

Identify and counter malicious links and phishing attempts effectively with CloudSEK XVigil Fake URLs and Phishing module, bolstering your defense against cyber threats

Schedule a Demo
Table of Contents
Author(s)
No items found.

The pharmaceutical industry has been in the crosshairs of cyber attacks, more frequently than ever, in the last few years. The industry appeals to cybercrooks, who are motivated by financial gains, as they generate and manage some of the most sensitive data. State-sponsored actors, with the support of governments and with the intention of settling scores with other countries, target their healthcare industries. In the event of a full-scale cyberattack, the pharmaceutical sector could incur huge losses, both financially and in terms of its invaluable data. The data, which includes Intellectual Property (IP) of patients, is then invariably sold on the dark web or held “hostage” for ransom. 

As a result, the affected organization sustains:

  • Legal penalties, 
  • Fines, 
  • Damage to business, brand reputation,
  • Lack of confidence in customers,
  • Declining revenue,
  • Network, utility outages,
  • Risk of supply chain disruption.

Recent COVID- Themed Cyber Attacks Based on the Region

India and APAC

Indian pharmaceutical giant Lupin confirmed a security incident that impacted its IT systems in November 2020 after a similar ransomware attack targeted Dr. Reddy’s Laboratories. The recent surge in cyber attacks in the Indian pharmaceutical sector is also because they are in the process of delivering affordable medicine on a large scale, owing to COVID-19. 

Interestingly enough, the ransomware attack that hit Dr. Reddy’s was soon after the company had received DCGI’s (Drug Control General of India) approval to conduct clinical trials of the Russian Sputnik-V vaccine. The personal information of individuals who participate in clinical trials are also at a risk of data exposure. Such attacks aim to derail the race towards a successful vaccine in India as well as other countries. The surge in cyber attacks against pharmaceutical companies in the APAC (Asia-Pacific) region has cost the industry close to $23 Million. 

Europe

From a global perspective as well, cyber crimes are increasingly targeting pharmaceutical companies. Recently, several European pharmaceuticals such as Swiss giant Roche, were attacked by a hacking group dubbed Blackfly. The activities of this group was traced back to China and it points to the conclusion that these attacks were state-sponsored. Blackfly, also known as the Winnti Group, deploys Winnti malware in all of their attacks, a malware known for its supply chain attacks. European manufacturers BASF and Henkel were also victims of the same ransomware group. 

Moreover, drug regulators like EMA (European Medicines Agency) have also not been spared from cyber attacks. The EU Drug regulator EMA confirmed that it was hit by a cyber attack and that the actors managed to access documents related to a COVID-19 vaccine. German biotechnology company BioNTech is in the process of developing a vaccine to treat COVID-19 along with strategic partner Pfizer. The duo suffered a cyber attack earlier this month and confirmed that its regulatory submission was accessed. 

Although EMA didn’t agree to the nature of the attack, it stated that few documents related to the regulatory submission by Pfizer and BioNtech vaccine candidates, stored on the EMA server, have been viewed. The timing of these attacks was impeccable, as EMA was working on getting the approval for 2 COVID-19 vaccines and it could have had devastating effects on the entire process. 

America 

The US drug regulatory authority FDA (Food and Drug Administration), however, outsmarted threat actors looking to steal data from them and had COVID-19 related sensitive documents delivered to them physically through FBI agents. 

Experts across the globe have traced most COVID-related attacks on pharmaceuticals back to China, North Korea, and Russia. And although the victims of these attacks have not been named, we can confirm that at least some of these companies were infiltrated successfully. 

Countries like India, UK, US, Canada, France and South Korea are all at different stages of clinical trials and development of COVID-19 vaccine; and they have all been targeted by threat groups during this global health crisis. Reports have attributed the attacks to Russia-based threat group Strontium and North Korean threat actors Zinc and Cerium. Some of the methods believed to be part of their tactics are password spray and brute force attacks (by Strontium) to steal login credentials and spear-phishing, fake job offers (by Zinc). In one of the recent examples of phishing attacks, the operators behind Cerium sent spear-phishing emails masquerading as World Health Organization (WHO) officials. 

The Way Out 

Businesses should identify their most important digital assets as well as critical assets that facilitate smooth business operations and product development. This includes identifying critical data, its location, who has access to them, the network on which their mission-critical data resides, what are the attractive propositions for threat actors. Once the critical assets are identified, organizations should segregate and protect their assets. 

They should also allocate budget for a well-rounded security system which covers intrusion detection systems and threat intelligence software. This in turn keeps them updated regarding the status of their assets. With the help of a SaaS-based vulnerability alerting platform such as CloudSEK’s XVigil, your organization is equipped to protect their data, brand, and internet exposed infrastructure, against imminent cyber threats and breaches.

Author

Predict Cyber threats against your organization

Related Posts
Blog Image
February 3, 2024

From Discussion Forums to Malware Mayhem: The Alarming Rise of Abuse on Google Groups and Usenet

Explore the escalating wave of cyber threats on platforms like Google Groups and Usenet, uncovering the pivotal role of cybersecurity in safeguarding online discussion forums.

Redirect Chain: Advertisement Services being Abused by Threat Actors to Redirect Users to Malware, Betting, Adult Websites

Threat actors have been abusing advertisement services to serve malware to users and redirect traffic to websites purchasing services from them.

Blog Image
December 29, 2023

Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking

A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

Secure your organisation with our Award winning Products

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

Malware Intelligence

min read

Grappling with COVID-Themed Cyber Attacks: Pharmaceutical Sector

Grappling with COVID-Themed Cyber Attacks: Pharmaceutical Sector

Authors
Co-Authors
No items found.

The pharmaceutical industry has been in the crosshairs of cyber attacks, more frequently than ever, in the last few years. The industry appeals to cybercrooks, who are motivated by financial gains, as they generate and manage some of the most sensitive data. State-sponsored actors, with the support of governments and with the intention of settling scores with other countries, target their healthcare industries. In the event of a full-scale cyberattack, the pharmaceutical sector could incur huge losses, both financially and in terms of its invaluable data. The data, which includes Intellectual Property (IP) of patients, is then invariably sold on the dark web or held “hostage” for ransom. 

As a result, the affected organization sustains:

  • Legal penalties, 
  • Fines, 
  • Damage to business, brand reputation,
  • Lack of confidence in customers,
  • Declining revenue,
  • Network, utility outages,
  • Risk of supply chain disruption.

Recent COVID- Themed Cyber Attacks Based on the Region

India and APAC

Indian pharmaceutical giant Lupin confirmed a security incident that impacted its IT systems in November 2020 after a similar ransomware attack targeted Dr. Reddy’s Laboratories. The recent surge in cyber attacks in the Indian pharmaceutical sector is also because they are in the process of delivering affordable medicine on a large scale, owing to COVID-19. 

Interestingly enough, the ransomware attack that hit Dr. Reddy’s was soon after the company had received DCGI’s (Drug Control General of India) approval to conduct clinical trials of the Russian Sputnik-V vaccine. The personal information of individuals who participate in clinical trials are also at a risk of data exposure. Such attacks aim to derail the race towards a successful vaccine in India as well as other countries. The surge in cyber attacks against pharmaceutical companies in the APAC (Asia-Pacific) region has cost the industry close to $23 Million. 

Europe

From a global perspective as well, cyber crimes are increasingly targeting pharmaceutical companies. Recently, several European pharmaceuticals such as Swiss giant Roche, were attacked by a hacking group dubbed Blackfly. The activities of this group was traced back to China and it points to the conclusion that these attacks were state-sponsored. Blackfly, also known as the Winnti Group, deploys Winnti malware in all of their attacks, a malware known for its supply chain attacks. European manufacturers BASF and Henkel were also victims of the same ransomware group. 

Moreover, drug regulators like EMA (European Medicines Agency) have also not been spared from cyber attacks. The EU Drug regulator EMA confirmed that it was hit by a cyber attack and that the actors managed to access documents related to a COVID-19 vaccine. German biotechnology company BioNTech is in the process of developing a vaccine to treat COVID-19 along with strategic partner Pfizer. The duo suffered a cyber attack earlier this month and confirmed that its regulatory submission was accessed. 

Although EMA didn’t agree to the nature of the attack, it stated that few documents related to the regulatory submission by Pfizer and BioNtech vaccine candidates, stored on the EMA server, have been viewed. The timing of these attacks was impeccable, as EMA was working on getting the approval for 2 COVID-19 vaccines and it could have had devastating effects on the entire process. 

America 

The US drug regulatory authority FDA (Food and Drug Administration), however, outsmarted threat actors looking to steal data from them and had COVID-19 related sensitive documents delivered to them physically through FBI agents. 

Experts across the globe have traced most COVID-related attacks on pharmaceuticals back to China, North Korea, and Russia. And although the victims of these attacks have not been named, we can confirm that at least some of these companies were infiltrated successfully. 

Countries like India, UK, US, Canada, France and South Korea are all at different stages of clinical trials and development of COVID-19 vaccine; and they have all been targeted by threat groups during this global health crisis. Reports have attributed the attacks to Russia-based threat group Strontium and North Korean threat actors Zinc and Cerium. Some of the methods believed to be part of their tactics are password spray and brute force attacks (by Strontium) to steal login credentials and spear-phishing, fake job offers (by Zinc). In one of the recent examples of phishing attacks, the operators behind Cerium sent spear-phishing emails masquerading as World Health Organization (WHO) officials. 

The Way Out 

Businesses should identify their most important digital assets as well as critical assets that facilitate smooth business operations and product development. This includes identifying critical data, its location, who has access to them, the network on which their mission-critical data resides, what are the attractive propositions for threat actors. Once the critical assets are identified, organizations should segregate and protect their assets. 

They should also allocate budget for a well-rounded security system which covers intrusion detection systems and threat intelligence software. This in turn keeps them updated regarding the status of their assets. With the help of a SaaS-based vulnerability alerting platform such as CloudSEK’s XVigil, your organization is equipped to protect their data, brand, and internet exposed infrastructure, against imminent cyber threats and breaches.