Are COVID-19 Vaccines and Treatments the Most Preferred Cyber Targets?

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT, speaks about the worrisome potential security challenges around the therapeutics and vaccines developed to combat COVID.

The COVID-19 pandemic has driven a massive realignment to virtualized work and interactions, giving hackers a larger attack surface. Even more worrisome are potential security challenges around the therapeutics and vaccines developed to fight the virus. The intellectual property involved is of enormous interest to both state actors and the black and grey markets for vaccine development and distribution. Essential information from government health authorities is also under threat from hackers stoking rumours and purposeful disinformation, along with a wide array of scams and fear-based attacks.

In the GCC, the UAE saw the majority of COVID-19 themed attacks. In 2020, cyberattacks in the UAE went up by 250% as organizations transitioned to remote working. These attacks ranged from data breaches and ransomware to phishing campaigns built around fake vaccine registration and distribution. According to the NETSCOUT 2020 Threat Intelligence Report, there were 4.83 million DDoS (distributed denial of service) attacks in the first half of 2020, up 15% from 2019. Attack frequency jumped 25% during the early pandemic lockdown months of March through June. Hackers targeted e-commerce, healthcare, and online educational services, all critical to the functioning of pandemic-impacted societies. Most attacks were high-throughput, designed to bring down services while consuming as much critically needed bandwidth as possible, using a range of identified attack techniques.

The Need for Pervasive Visibility

This fraught situation demands pervasive visibility into malicious threats, so enterprises can fight off DDoS attacks. Real situational awareness requires a global view beyond one organization's own perspective, whether that organization is a private enterprise or a government entity. Curated, real-time global threat data and indicators of compromise (IoCs) become even more critical. Looking internally, the concept of the network perimeter has evolved as crucial data flows migrate from centralized data centers to public and private clouds.

Ransomware and malware are also on the rise, so enterprises and government agencies need to protect their workforces and clients from phishing attacks promising coronavirus vaccine or treatment information. Such fraudulent emails may look 'official', purporting to distribute COVID-19 compliance data or to alert employees or customers to ongoing 'cases' and 'exposures'. Malicious actors may also seek to undermine the public's confidence and steal intellectual property, directing users to sites designed to look legitimate while infecting their computers with malware as part of potential long cons.

Protecting Every Link in the Chain

The need for security awareness especially applies to organizations involved in the research, development, manufacturing, distribution, and administration of any potential vaccine or treatment. They are currently the most desirable targets for hackers, whether motivated by publicity, financial interests, or geopolitical considerations. Given that dozens of vaccine candidates are now in development or at various stages of clinical trials, the field of potential targets is wide open. In fact, Cybereason's Nocturnus research team recently revealed cyber intelligence-gathering campaigns against pharmaceutical and research companies working on COVID-19 vaccines and therapies in the UAE, the US, Japan and South Korea.

Globalized decision-making authorities and supply chains distributed among government entities, non-governmental organizations (NGOs), and private enterprises are fraught with potential vulnerabilities. Even a small break can bring down public health campaigns on city, county, state, or national levels. Information leaks, tainted supplies, or malicious disinformation can lead to the loss of public confidence and undermine efforts to bring relief from the pandemic, creating the need for network protection and cybersecurity early warning systems.

Intelligent Protection with Smart Data

Monitoring has long been the stock-in-trade for IT managers focused on detecting bottlenecks or anticipating and resolving service delivery issues. Now this market is converging with cybersecurity analytics to provide a comprehensive look into traffic and detect anomalies tied to intrusions and security vulnerabilities. Sharing a single source of truth with IT teams saves money, improves efficiency, and reduces the time to remediate threats.

It is also becoming increasingly difficult for security teams to rely solely on log-based data for cyber threat detection and investigation. Enterprise IT leaders realize that wire-based metadata and packets contain the ultimate source of truth. They enable contextual investigations and preserve payloads needed for forensic research and analysis.

Gaining pervasive visibility is only the beginning. Adding contextual, real-time analytics and threat intelligence turns massive amounts of wire data into actionable insights for efficient cyber threat detection and investigation. Aided by organizations' security controls and workforce education, diverse groups, from private companies to NGOs, can ensure that their work to mitigate the effects of the global pandemic is secure from both internal and external threats.