The latest edition of Subex’s threat landscape report has extensively highlighted the growing attacks on pharmaceutical companies, including companies that are manufacturing Covid-19 vaccines in 5 countries: India, the United States, the UK, South Korea, and Germany.
To offer an answer, we have to go back to 2015. On a particularly cold day in December, in the Ivano-Frankivsk region of Western Ukraine, computer screens connected to breakers came alive and started shutting down one substation after the other. Desperate plant employees tried to wrestle back control but with little success. In a few hours, more distribution centers went offline and almost 230,000 people were left in the dark.
This is an attack that everyone remembers, and it is almost considered the 9/11 of cyberattacks. While this cyberattack taught cyber defenders a few lessons, the hackers were able to learn a few things as well. After this attack, many APT groups invested heavily in evolving and propagating reconnaissance malware. Even malware that was being sold in closed forums was trojanized to leave backdoors open for malware developers to conduct reconnaissance operations on networks they were not targeting.
Within just a few years, many groups, therefore, stockpiled billions of bytes of stolen credentials, network security measures, vulnerabilities, and more. As Subex’s threat research report from 2019 points out, the number of reconnaissance attacks has been climbing at an exponential pace since 2015. This means that hackers are keeping tabs on everything in cyberspace from their bunkers waiting for a good opportunity to come by for them to unleash mayhem.
In the case of the pharma companies, the increased focus on vaccine production presented one such opportunity. So here are the reasons why the attacks on vaccine manufacturers increased significantly in 2020:
- Disrupting either supply chains or manufacturing processes could potentially prolong the battle against Covid-19. This means that potential targets of hackers (including other businesses, governments, oil and gas companies, etc.) will remain in a state of disruption for a prolonged period. Without a significant proportion of the world population being vaccinated, we cannot even begin to imagine the pandemic being defeated.
- North Korea: the second cluster of APT actors that is based in this country loves to attack anything that is at the center of world attention.
- One of the attacks was traced to a country that was not given sufficient doses of these vaccines and these cyberattacks were done in retaliation.
- Because companies are not paying enough attention to reconnaissance attacks, they are allowing hackers to do more damage in the long run.
Even in the case of the recent cyberattacks on the Mumbai power grid, there are indications that, if the cyberattack did actually happen, it was carried out after at least 3 years of intense reconnaissance activity by the threat actors involved.