Experts warn of cyberattack targeting critical COVID-19 vaccine cold chain

IBM security experts have discovered cyber threats targeting the COVID-19 vaccine, specifically the critical 'cold chain' system necessary to preserve the vaccine doses when stored and transported. The cyber attack involves a phishing campaign, according to the researchers, with the unknown entity behind the threats specifically targeting 'key global organizations' and business executives.

The findings come from a threat intelligence task force formed by the IBM Security X-Force, as recently detailed by Security Intelligence. According to the lengthy report, the team discovered the existence of a global phishing campaign that is specifically targeting organizations involved with the cold chain aspect of the COVID-19 vaccine effort.

The COVID-19 vaccine is a new development and will, at least with the initial version in the pipeline for release, need to be administered in two doses and kept at cold temperatures in storage. A temperature-controlled system is vital for the vaccine's success, and it's this same system the security experts say is the target of cyber threats.

The entity behind these attacks wasn't precisely identified, but the report notes that the precise targeting of these phishing attacks indicates 'nation-state tradecraft.' The effort may be part of government efforts to steal vaccine information; the security experts are urging all entities in the vaccine supply chain to 'remain on high alert' for cyber threats.

Following the report's publication, the US government's Cybersecurity & Infrastructure Security Agency published a note encouraging organizations involved with the vaccine to review the report and take steps to avoid phishing and social engineering attacks.

Similarly, Interpol issued a warning yesterday, December 2, warning member countries to prepare for online and physical threats from organized crime networks focused on the COVID-19 vaccine, particularly on the potential for fake vaccines to be sold and administered.