COVID-19:Cold Chains Targeted During The Pandemic

The recent news of the release of the coronavirus vaccine in some countries and coming soon in others is what everyone can talk about, which automatically targets every organization involved in keeping the supply chain moving.

Recent reports suggest that these strategic global phishing campaigns started in September 2020. The campaign was able to reach across six countries targeting organizations associated with Cold Chain Equipment Optimization Platform (CCEOP) program, which is a big deal because these are organizations that make sure the vaccines being transported are kept in freezing temperatures.

How did it happen?

The hackers posed as a business executive from Hair Biomedical- a qualified supplier for the CCEOP and a Covid-19 vaccine supply chain member. Phishing emails were sent to different organizations that are involved in the transportation of the vaccine. The emails were written to look like requests for a quotation but contained malicious links that asked for their login credentials, which could potentially grant them access to the plans in place for the development and distribution of the Covid-19 vaccine.

Which organizations were targeted?

According to IBM, some of the targeted organizations include:

• The European Commission's Directorate-General Taxation and Customs Union: responsible for maintaining cooperation on customs and tax matters across the 27 member states of the European Union.

• Companies that manufacture solar panels that help keep the vaccines cold in areas where a reliable source of power isn't an option.

• Software development company in South Korea

• A website development company based in Germany that supports clients linked with pharmaceutical manufacturers, biotechnology, transportation of containers, and electrical component manufacturers for communication.

Who was behind the spear-phishing attacks?

It is unclear what the motives behind these highly calculated attacks are; the advanced insights they were after, like the vaccine's purchase and movement, leads us to believe that it may potentially be a nation-state activity.

Recommendations for organizations

• Test your company's preparedness by triggering incidents like phishing attacks to make sure employees are capable of handling these attempts

• Employ a zero-trust policy ensuring that every data accessed by employees is verified is paramount to any company's security

• Incorporate Multifactor Authentication If a malicious actor has acquired access to your credentials, MFA will act as your last line of defense by requiring a second form of verification to access the said account

• Protect your company's data from known and unknown threats by using Endpoint protection and response tools. Mobile threat defense solutions will provide robust protection to your employees' devices against logical threats.