The ongoing COVID-19 pandemic has not only created chaos in the real world but has also pushed the virtual world into utter disruption. Organizations that never had a remote working culture had to enable a work-from-home option for their employees overnight. The IT team, which was already waging a multi-pronged war, had to go agile to accommodate this emerging ‘new normal’ work culture.
Medical and educational sectors, which were figuring out ways to go digital, had to scramble to adapt to this evolving lifestyle in order to continue their services. With the digital fortress now seemingly breached, cybercriminals are having a gala time. And now, with news of potential COVID-19 vaccines trickling in, these threat actors have left no stone unturned to make the most of the information relating to these vaccines and have resorted to different kinds of invasive methods such as phishing, spamming, etc.
With the end of the pandemic uncertain in the immediate future, the same can be said of the end of the ongoing cyberattacks on the vaccine programs. We at Security MEA reached out to the top cybersecurity experts to get their comments on such data thefts:
Morgan Wright, Chief Security Advisor, SentinelOne, commented, “As with any unprecedented events and natural disasters, whether terrorist attacks or a pandemic, hackers, scammers, and thieves will use these as an opportunity to design phishing and spear-phishing emails to exploit fear, uncertainty, and doubt. Currently, people globally are anxious, and this is what the bad actors will seek to take advantage of.
The number of deceptive domains currently registered leveraging the pandemic continues to grow weekly and we strongly believe that there will be additional ones targeting potential vaccines coming out of Russia, following their announcement of their launch of the vaccine.
Malware will seek to exploit the willingness for victims to click on links they normally would not. The new heightened level of anxiety will reduce their usual level of caution.
Ransomware will target key sectors in healthcare, vaccine development, R&D, amongst others, as these are vital to stopping the pandemic. Consequently, this will lead the victims of the ransomware attack to pay to get their invaluable research back and to also prevent it from being exposed to the world.
A successful vaccine could be worth hundreds of billions of dollars. As the size of the opportunity goes up, there is a corresponding number of threat actors and criminal organizations that will look to earn a slice of the profits. It’s the time to take action as the threat levels are real and will only grow.”
Haider Pasha, Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA) commented: “The cybersecurity sector has experienced a significant impact from the pandemic, with high levels of cyber threats and attacks related to the virus emerging across the world. Since the beginning of the year, our research intelligence team Unit 42 identified over 40,000 newly registered websites using a COVID-19 name.
Not only is it important to have security systems in place, but it is also essential to create awareness among all employees in an organization around malicious websites and potential threats. Given the high rise of remote working, we are anticipating increased attacks targeting remote workers, and their home IT workstations and routers, which in some cases, could continue to pose a threat to their employers’ IT systems. As best practice, we advise all customers to exercise zero-trust policies, to have robust remote working procedures in place, and to make all members of staff aware of the latest cyber threats.
Organizations involved in developing vaccines must exert even greater caution and ensure that they have adequate measures in place to defend themselves against DDoS, man-in-the-middle, and highly targeted social engineering attacks. This means having high levels of cybersecurity with zero trust and multi-factor authentication.”
John Hultquist, senior director of intelligence analysis for Mandiant Threat Intelligence, FireEye, commented, “We have identified cyber espionage at several organizations conducting research on COVID-19. Russian, Chinese, and Iranian actors have targeted multiple public and private organizations developing COVID-19 therapies. These therapies include a vaccine for COVID-19.
China has a history of targeting the biotech field heavily, especially in the years prior to the Xi agreement when they were conducting intrusions against intellectual property creators at a massive scale. This activity has greatly reduced since the Xi agreement, but we continue to see some activity targeting medical research.
Notably, there have been several cases where Chinese researchers have been accused of stealing medical research to convey to China in recent years.”
Carl Leonard, Principal Security Analyst, Forcepoint X-Labs, commented, “Forcepoint X-Labs’ research found that unwanted emails using coronavirus-linked keywords rose from negligible values in January 2020 to more than half a million per day by the end of March 2020, settling down to around 200,000 per day right through until the end of May.
Given the potential financial benefit, cybercriminals are likely to continue launching COVID-19 related phishing campaigns to exploit public concern and fear of the virus, as well as network intrusion attacks to steal research data, for example, data pertaining to the development of any vaccine.
With remote working becoming the new norm, many businesses and individuals may not be able to keep their cyber defences up to date. We will see attacks targeting home workers become more frequent and sophisticated.
Human-centric cybersecurity is one approach organizations can adopt to make things like impersonation by threat actors much more difficult. Strong web and email security solutions are a good first line of defence, but attackers are determined and, with time, will always eventually infiltrate them. By monitoring user activity and movement on an ongoing basis, irregular activity suddenly becomes much more obvious.”
Morey Haber, CTO & CISO, BeyondTrust, commented, “The race for a cure for Covid-19 is of paramount concern to everyone in the world. Never before has a single problem plagued every living human being, across the entire planet, at the same time. With such concern, stress, and desire for an end to the pandemic, threat actors are seizing on the opportunity to lure victims into scams ranging from faux cures, fake drug trials, and fake paid vaccine priority lists.
As an attack vector, social engineering has been the weapon of choice for threat actors and no medium has been excluded. Social media has seen a plethora of fake advertisements, rogue vignettes, and individuals have been riddled with phishing emails, text messages, and even robocalls.
With all these attacks, threat actors are using traditional tactics after social engineering a target. The results range from ransomware, malware droppers, to financial extortion with promises of a cure via phony medicine or participation in drug trials. Covid-19 has created a situation for threat actors to prey on the fear of others and utilize established extortion techniques to monetize or enable data theft of gullible and scared individuals.”
Sam Curry, Chief Security Officer, Cybereason, commented, “The threat to global pharma and research companies developing COVID-19 therapies and vaccines is real. The brazen nature of hacking against any company developing vaccines should be declared Acts of War because COVID-19 is a highly infectious and deadly virus. The pharma and research companies are well aware of the cyber-espionage efforts against them and give them credit for increasing their situational awareness and not letting their guard down during the pandemic.
For any organization involved in the development of therapies and vaccines, it is critical that they are deploying threat hunting services to complement the work their internal security professional team is engaged in. Having the ability to detect malicious activity in the very early stages of an attack is critical in stopping the attempted pilfering of proprietary data.
In addition, increasing the amount of security awareness training given to employees and senior management is extremely important as humans are the weakest link in the cyber ecosystem. The training will reinforce the basics on not opening email attachments from unknown sources and not visiting dubious websites. Until a stockpile of a vaccine is built, an ounce of prevention is worth a pound of cure.”
Dr Moataz Bin Ali, Vice President, Trend Micro, Middle East and North Africa, commented, “COVID-19 is being used in many malicious campaigns — including email spam, business email compromise (BEC), malware, ransomware, malicious domains, and fraud.
For example, in the GCC in H1 2020, Trend Micro recorded 163,774 COVID-related threats: 36,312 email spam attacks in the GCC; 127,415 URL attacks, and 47 malware threats detected.
As GCC employees adapt to new methods of working, they should be wary of cybercriminals using popular online tools, sharing software, and file attachments in their scams. Unverified mobile apps tracking COVID-19 can also present major risks. To tackle this, GCC organizations need to tighten their cyber security solutions and processes against cybercriminals.”
Nader Baghdadi, Middle East Regional Sales Director, Secureworks, commented, “Our recent Threat Intelligence Executive Report showed that government-sponsored threat groups have tailored their lures to exploit the growing interest in COVID-19. For example, COPPER FIELDSTONE targeted Indian citizens with a malicious Excel file that delivered malware capable of stealing files and system data. In addition, BRONZE PRESIDENT targeted Taiwanese citizens with a phishing lure that delivered a fully-featured attacker toolkit.
The threat groups operating the ransomware likely continue to opportunistically identify targets across all industries. However, threat actors recognize that healthcare organizations are under particular pressure due to the pandemic and therefore could be more susceptible to extortion.
When we look at the topic of vaccines specifically, organizations involved in the development of vaccines, including multinational pharmaceutical companies, should remain ready to counter high-level and potentially state-sponsored cyberattacks.
As a way to do this, organizations should ensure all employees are well educated on cyber threats and the organization should implement security solutions such as Extended Detection and Response (XDR) and Managed Detection and Response (MDR), which are better equipped to tackle the latest threats we see in the region as compared with older SIEM (Security Information and Event Management) solutions.”