With a spurt of vaccine development, manufacturing and distribution activities in Asia, cybercriminals are targeting the region’s vaccine supply chain.

Late last year, CybersecAsia published an article on how there is big money in stealing vaccine research data, proving how even strategic research is at high risk for cyberattacks.

However, this doesn’t just apply to research and development of vaccines alone. A vaccine-related cyber-attack could entail bad actors sabotaging the ingredients for the vaccine, the production line itself, or the distribution of the vaccine via highly targeted attacks.

Following news such as Sanofi investing in a new vaccine production site and BioNTech setting up its regional headquarters and manufacturing site – both in Singapore – it raises the question: “How can we protect the vaccine supply chain from potential sabotage?”

In terms of cybersecurity, there are measures that can be taken to prevent the potentially catastrophic consequences of a security breach. However, remote access to manufacturing facilities inevitably gives attackers more points of entry into the network.

OT (operational technology) networks require specialized solutions. Run on proprietary protocols, OT networks are often powered by legacy equipment that is incompatible with conventional IT security tools. Importantly, existing IT security tools can’t gather the necessary data from OT networks to calculate and mitigate risk.

When OT and IT networks are not carefully integrated, the entire supply chain and manufacturing network can become vulnerable and exposed to threats.

CybersecAsia sought some answers from Vijay Vaidyanathan, Regional Vice President – Solutions Engineering, APJ, Claroty:

How real is the danger of a cyber-attack on a COVID-19 vaccine supply chain?

Vijay Vaidyanathan, Regional Vice President, Solutions Engineering, APJ, Claroty

Vijay: There have already been reports of cyber-attacks against the COVID-19 vaccine supply chain.

For example, state-sponsored Chinese hackers have allegedly been targeting Indian and Japanese vaccine makers to disrupt their research and distribution efforts. Additionally, IBM X-Force reported an unknown cyber-threat incident where bad actors targeted a vaccine supply chain via phishing, attempting to access critical systems in the “cold chain,” which is an integral part of vaccine storage.

Besides perhaps attempting to steal proprietary information for transporting mass quantities of the vaccine, these adversaries could wage a disruptive ransomware attack to hold the vaccine distribution process hostage.

Moreover, digital transformation and the rapid shift to working from home amid the COVID-19 pandemic have made remote access to facilities a necessity and, as a result, inevitably give attackers more points of entry into the network. With remote work, the risk of employees being targeted by phishing or spam attacks, and thus of ransomware and other malware infections, has increased.

In fact, Claroty’s Biannual ICS Risk & Vulnerability Report found that 71% of the industrial control system vulnerabilities disclosed were remotely exploitable through network attack vectors.

It is likely that we will see more ransomware attacks affecting critical sectors, employing extortion methods, and strategic targeting, particularly for critical areas such as the vaccine supply chain.

How do you envision a possible attack against a vaccine supply chain in Asia might play out?

Vijay: Threat actors can compromise the following processes in the vaccine supply chain.

(1) Vaccine development: As researchers around the world continue to develop and trial vaccines to combat the coronavirus, there could be a targeted attack to slow the progress or even halt vaccine development.

Such an attack might play out similarly to the Stuxnet malware, which US and Israeli officials designed to disrupt Iran’s nuclear program by damaging its automated machine processes. Given the high stakes of bringing a safe and effective vaccine to market, it is crucial to ensure basic security hygiene, patch vulnerabilities, and lock down access to critical systems managing industrial processes.

(2) Vaccine manufacturing: Threat actors can attack the vaccine production line by tampering with the vaccine formula through hacking into operational technology (OT) networks that are connected to the internet and which run the vaccine manufacturing facilities.

These OT networks have unique requirements and proprietary protocols that are largely unrecognizable by virtual private networks (VPNs) and other traditional IT security tools. Yet, such tools tend to be popular remote access solutions for enabling enterprise IT connectivity among industrial organizations. As these solutions can be accessed via the public internet, they present a potential entry point for threat actors to introduce ransomware that could spread from the IT to OT network.

With vaccines being highly complex materials, whose delicate chemical balance ensures their efficacy, any changes that a hacker can make to the formula can render it ineffective and even harmful to the health of the recipients. An attack like this would resemble the remote attack against a water treatment facility in Florida in February, in which the attacker accessed a compromised remote access solution to increase levels of sodium hydroxide in the water supply, a dangerous substance if consumed.

(3) Vaccine storage/cold chain: As the delicate nature of the vaccine requires it to be stored at cold temperatures, a cyber-attack targeted at the building management systems that maintain the required temperature range could reduce the potency of vaccine batches and affect the desired immune response.

(4) Vaccine distribution: The complex supply chain for vaccines requires the product to change hands many times when making its way from its point of origin to its final destination. In 2017, the NotPetya malware was used to wage a ransomware attack against shipping giant A.P. Moller Maersk. Similarly, attackers can wage a ransomware attack to affect scheduling software, altering the vaccine distribution schedule to delay delivery. They could also potentially lock down storage rooms or reroute transport.
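The cold-chain scenario in (3) above is one where a defender can add a plausibility check that does not depend on the building management system (BMS) being honest. The script below is an added example, not code from the interview, from CybersecAsia or from Claroty: it assumes a second, out-of-band temperature logger per freezer unit (an assumption, `independent_c`), a constructed allowed range of -80 to -60 °C (a placeholder, not a product specification), and a constructed change-control list of approved setpoints. It flags four conditions over constructed telemetry: a setpoint change with no approved change record, a setpoint outside the allowed range, an actual temperature excursion on the independent logger, and a BMS sensor value that disagrees with the independent logger (which is what a tampered or spoofed reading would look like).

```python
"""Plausibility checks for cold-chain telemetry (added example; all data constructed)."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Reading:
    ts: datetime
    unit: str
    setpoint_c: float      # setpoint the BMS controller reports it is holding
    bms_sensor_c: float    # temperature the BMS reports from its own sensor
    independent_c: float   # assumption: a separate logger not reachable from the BMS network


@dataclass(frozen=True)
class Alert:
    kind: str
    unit: str
    ts: datetime
    detail: str


# Constructed placeholder range; the real range comes from the product's storage specification.
ALLOWED_RANGE_C = (-80.0, -60.0)
# Largest BMS-vs-independent difference tolerated before treating the BMS value as suspect.
MAX_DIVERGENCE_C = 2.0
# Assumption: (unit, setpoint) pairs approved through change control.
APPROVED_SETPOINTS = {("freezer-01", -70.0)}


def check_reading(r: Reading, last_setpoint: dict) -> list:
    """Evaluate one reading against the previous known setpoint for its unit."""
    lo, hi = ALLOWED_RANGE_C
    alerts = []
    prev = last_setpoint.get(r.unit)
    # 1. Setpoint moved and the new value is not in the change-control record.
    if prev is not None and r.setpoint_c != prev and (r.unit, r.setpoint_c) not in APPROVED_SETPOINTS:
        alerts.append(Alert("setpoint_changed_without_approval", r.unit, r.ts,
                            f"setpoint {prev} -> {r.setpoint_c}"))
    # 2. Setpoint itself is outside what the product tolerates.
    if not lo <= r.setpoint_c <= hi:
        alerts.append(Alert("setpoint_outside_allowed_range", r.unit, r.ts,
                            f"setpoint {r.setpoint_c}"))
    # 3. The trusted, independent reading shows a real excursion.
    if not lo <= r.independent_c <= hi:
        alerts.append(Alert("temperature_excursion", r.unit, r.ts,
                            f"independent logger {r.independent_c}"))
    # 4. BMS sensor disagrees with the independent logger: possible tampered telemetry.
    if abs(r.bms_sensor_c - r.independent_c) > MAX_DIVERGENCE_C:
        alerts.append(Alert("bms_sensor_disagrees_with_logger", r.unit, r.ts,
                            f"bms {r.bms_sensor_c} vs independent {r.independent_c}"))
    return alerts


def check_readings(readings, initial_setpoints: dict) -> list:
    """Run the checks over a telemetry batch in time order, tracking setpoints per unit."""
    last = dict(initial_setpoints)
    alerts = []
    for r in sorted(readings, key=lambda x: x.ts):
        alerts.extend(check_reading(r, last))
        last[r.unit] = r.setpoint_c
    return alerts


def summarize(alerts) -> dict:
    """Count alerts by kind, e.g. for a dashboard or ticket summary."""
    return dict(Counter(a.kind for a in alerts))


# Constructed sample: the setpoint is pushed to -40 at 08:20 and the BMS keeps reporting
# a healthy sensor value while the independent logger shows the unit warming up.
T0 = datetime(2021, 3, 1, 8, 0)
SAMPLE_READINGS = [
    Reading(T0, "freezer-01", -70.0, -70.2, -70.1),
    Reading(T0 + timedelta(minutes=10), "freezer-01", -70.0, -70.0, -69.8),
    Reading(T0 + timedelta(minutes=20), "freezer-01", -40.0, -69.5, -69.4),
    Reading(T0 + timedelta(minutes=30), "freezer-01", -40.0, -70.1, -55.0),
    Reading(T0 + timedelta(minutes=40), "freezer-01", -40.0, -70.0, -48.0),
]
INITIAL_SETPOINTS = {"freezer-01": -70.0}

if __name__ == "__main__":
    for a in check_readings(SAMPLE_READINGS, INITIAL_SETPOINTS):
        print(f"{a.ts:%H:%M} {a.unit} {a.kind}: {a.detail}")
    print(summarize(check_readings(SAMPLE_READINGS, INITIAL_SETPOINTS)))
```

The point of the design is that the independent logger, not the BMS, is the source of truth for the excursion check, and that a setpoint change is treated as an event to reconcile against change control rather than as routine telemetry; in the constructed batch the unapproved setpoint change fires at 08:20, ten minutes before the independent logger shows the first excursion, which is the lead time a responder would want.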