Nick Rossmann, Head of Global Threat Intelligence at IBM Security X-Force, joins Kristin Myers of Yahoo Finance to discuss new cyber attacks uncovered during COVID-19 vaccine distribution operations.
Video transcript
KRISTIN MYERS: Well, Homeland Security had to issue a warning after companies and organizations that will participate in the distribution of coronavirus vaccines faced cyberattacks. And IBM researchers say they appear to be government funded.
So let’s dive into this topic now with Nick Rossmann, Global Head of Threat Intelligence at IBM Security X-Force. It’s the cybersecurity division of the company and a very cool name I have to add here, Nick. So you are saying that these cyber attacks are likely to be supported by the government because they are of such a sophisticated nature. Which country is most likely to try to hack some of these systems?
NICK ROSSMANN: Well, Kristin, thank you very much for inviting me. We have seen a global spear campaign against organizations and the cold chain. So the cold chain includes all the ways the vaccine is stored and shipped to us, all the refrigeration mechanisms that must go into it.
You know, I think when we think about the motivations behind this attack, we focus on a potential nation state behind it and we just think about what they could potentially gain from new refrigeration technologies that might come to market, how some of the petrochemicals are made and processed to be able to keep the vials safe, but potentially even a disruptive or destructive attack that could wipe out the vaccines.
KRISTIN MYERS: So could it be China, Russia, North Korea? Which of these countries – which of these countries do you think is most likely or maybe none?
NICK ROSSMANN: So what we looked at – whoever was behind it had his digital gloves pretty tight. They left no digital footprints that we can go back to. So we don’t know who it is. I think the motivation corresponds to a country that is ready to make this investment in this area.
What was really unique, however, was that the blanket used was a Chinese biomedical company – or excuse me – the Haier manufacturing company. And they are a legitimate manufacturer. Now we think the operators behind this have usurped them, right? These are not emails coming directly from this company. But it is essential to see how precise this campaign was in the specific targeting of these organizations.
KRISTIN MYERS: So I want to go back a bit on the motivations but also what these hackers are really trying to access. So, is this information on – how to do cold storage, which would be intellectual property theft? Or are they trying to completely disrupt the vaccine distribution process? Because they’re two very different scenarios at least in my mind and have very different long-term implications next year, especially if some of these companies try to release the vaccine.
NICK ROSSMANN: Absolutely. So once they get the credentials it’s true. After the spearphishing emails arrive, someone accidentally enters their username and password. The possibilities are open to them anyway. We think one possibility could be intellectual property, all the ways in which the cold chain is managed in refrigeration processes, as you said, that intellectual property.
But we cannot rule out the potential for disruption. And in that case, a disruptive attack could result in actual destruction. A moment of ransomware against one of these vendors could literally thaw the vaccine when all the computers could be frozen on their computer network.
KRISTIN MYERS: OK, so I want to, like, just make this so clear to everyone back home, right? First, what is the likelihood that they can be successful, right? This is the first question for you. And secondly, if they are, and if they want to stop the distribution of vaccines, what you’re saying is that they could potentially prevent the setting up of vaccines. They could turn off the refrigeration to completely destroy the vaccine or maybe block it or demand money. I kind of wonder how bad this scenario can really be.
NICK ROSSMANN: So we were able to see many possibilities. The bottom line is that once they get access to the network and start moving around, that’s going to be a critical factor, right? And what network do they have access to? It could be a small refrigeration business, right? Has a small set of vaccines. The impact could be limited.
But even then, even if the impact of the vaccine thaw is on 10,000 vials, the public’s perception of distrust might just be inspired by it. So that could be another goal of nation states trying to do it as well. So we can’t rule out exactly what they might do. But once they get those credentials over the network, the castle is open everywhere.
KRISTIN MYERS: I mean, is there any possibility that these attacks will work? I mean, am I maybe being naive in thinking that because we know this is happening that we’re, I guess, a little bit safer? Or is the threat still very real and very high?
NICK ROSSMANN: I think the threat is still very real and high. And I think we see this over and over in all parts of the supply chain, right? So whether you’re a biomedical company, doing this research at the highest level, a manufacturer organizing PPE, some of these cold chain companies, you’re going to be hit over and over again by these spear-phishing emails from someone trying to get in on the network, whether it’s a cybercriminal or in the event that we potentially believe we are a nation state. There are opponents behind trying to gain access to your network. You should therefore implement these basic security protocols even if you think you are not necessarily a target.
KRISTIN MYERS: Did the hackers ever demand anything? I mean, do you have a clear idea of what this pattern is? Is it to prevent the distribution of the vaccine? Is it just to steal intellectual property so that another company in another country can use it? I mean, did these hackers ask for money again?
NICK ROSSMANN: So we had no indication of that, did we, of whom – what specific country it is and what they would ask for. It’s the possibility of all of these options that might be on the table, right, depending on the types of businesses they use.
And in this case, Kristin, another point of concern is – is the upside potential. So this could be in the event that they are targeting one organization then to get credentials to another organization which could be higher in the chain. So maybe they’re targeting a business that seems less important in the cold chain, with no intention of disrupting it. But they’re starting to do this to increase their access and move to a system that handles refrigeration on a larger scale. So once they’re in that network, the possibilities start to develop.
KRISTIN MYERS: It is absolutely terrifying to me. Has any of the companies creating the vaccines been targeted? Or is it just for that room and that part of the cold room and the distribution there? Like Pfizer and Moderna, have they been attacked as you still know?
NICK ROSSMANN: So what we saw in this targeting was just these organizations with the cold chain. But what I can say is that there have been other public reports that these other pharmaceuticals have potentially been targeted. I think one of the key points of the research is about the particular types of companies that are really involved in this and all of the health care data they might have on how the vaccine works. But I think in this case, going back, it was the cold chain operators themselves who were the targets today.
KRISTIN MYERS: Okay. Well, a terrifying way to end this show towards the end this Friday. Nick Rossmann, Global Head of Threat Intelligence at IBM Security X-Force. Thanks for breaking it down.