North Korea 'launched cyber-attack on Pfizer for COVID-19 jab data'


A news agency is claiming that North Korea launched a cyber-attack on Pfizer in a bid to steal information about its BioNTech-partnered COVID-19 vaccine, citing South Korea’s National Intelligence Service (NIS).

The Yonhap agency said the revelation was made during a closed-door meeting of the intelligence committee of South Korea’s National Assembly.

According to a recent Deloitte report, the pharma industry is often the number one target of cybercriminals – either private or state-sanctioned – as drugmakers move toward increased digitisation and storing of highly valuable data online.

Many pharma manufacturing and R&D facilities rely on connected technology to automate processes, and this connectivity makes them more susceptible to attack by increasing the number of internet-connected points that must be protected.

With the race for COVID-19 vaccines now in high gear, and drugmakers under increased pressure to develop jabs and supply them in high quantities, the vulnerabilities are becoming more acute. A Reuters report suggests that in this case the intention may have been to sell on the data rather than using it to develop a rival shot.

Last July, the Certified Information Systems Auditor (CISA) and the National Security Agency (NSA) in the US – in tandem with cybersecurity authorities in the UK and Canada – issued an alert accusing Russian intelligence services of targeting COVID-19 research and vaccine development facilities with cyber-attacks.

“Staff are working faster, harder and longer hours than ever before,” says Jack Garnsey of cybersecurity specialist VIPRE. “In turn, this can have an effect on their cyber awareness as it falls to the bottom of their priority lists.”

Any significant delay caused by these cyber threats and hackers could endanger the lives of millions of people, as well as impact the investment that goes into making the medicines.

There’s no questioning that the development of COVID-19 vaccines and access to them has become prone to politicking, however, as can be seen with the recent spat between AstraZeneca and the EU, and Russia’s declaration that it will not seek approval of its Sputnik V shot in the US.

North Korea is reported to be in line to receive nearly two million doses of the AZ COVID-19 vaccine in the first half of this year through the international COVAX vaccine distribution programme.

While stealing sensitive or valuable information is a perennial goal of hackers, pharma companies are often targeted by ransomware – such as the notorious NotPetya malware strike on Merck & Co in 2017, which took down 30,000 computers and other devices and 7,500 servers and also affected other multinational corporations like shipping giant Maersk.

That caused an estimated $1 billion in damages, lost sales and remediation costs and, according to the US intelligence services, was a side effect of a campaign carried out by Russian military hackers that was directed against infrastructure in Ukraine.

Since the Merck incident, there have also been attacks against Bayer – which suffered a year-long assault thought to originate from the China-based Winnti hacking group – as well as Pfizer, Charles River Laboratories, and Fresenius.

In 2015, online security specialist Kaspersky revealed in a blog post that Winnti had started targeting pharma companies, possibly for the purpose of carrying out industrial espionage. And last year, Europol warned that criminal networks were exploiting the COVID-19 pandemic with a surge in cybercrime.

Some attacks are aimed at stealing intellectual property (IP) related to new vaccines or treatments, it said, while others seek to scam consumers forced to carry out more activities online, or simply to disrupt healthcare services – possibly for ransom purposes but sometimes with no obvious intent.

An example of the latter was seemingly launched on Brno University Hospital in the Czech Republic amid the initial COVID-19 outbreak in Europe, shutting down its IT networks and resulting in the postponing of urgent surgeries and rerouting of new acute patients to a nearby alternative facility.