The technology giant is sounding the alarm over efforts to hack organisations critical to the distribution of Covid-19 vaccines after uncovering a “global phishing campaign”.
IBM said in a blog post published on Thursday that digital spies have turned their attention to the vaccine “cold chain” – the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to doctors.
The company’s cybersecurity unit said it had detected an advanced group of hackers using meticulously crafted booby-trapped emails sent in the name of a cold chain provider specialising in vaccine transport.
Interpol, the global police coordination agency, has also warned that organised criminal gangs could be targeting the real Covid-19 vaccines in a bid to create and sell fake shots.
The hackers detected by IBM went through “an exceptional amount of effort”, said analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various refrigeration units.
“Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic,” said Ms Zaboeva.
The US Cybersecurity and Infrastructure Security Agency reposted the IBM report, warning members of Operation Warp Speed – the US government’s national vaccine mission – to be on the lookout.
A secure cold chain is fundamental to distributing vaccines by the likes of Pfizer and BioNTech, the companies which developed the jab approved for use in the UK on Wednesday, because the shots need to be stored at -70C or below to avoid spoiling.
📣 BREAKING: INTERPOL has issued a global alert to law enforcement across its 194 member countries warning them to prepare for organized crime networks targeting #COVID19 vaccines, both physically and online.
Details: https://t.co/okGpgNJpIy pic.twitter.com/LSKoEb2LHC
— INTERPOL (@INTERPOL_HQ) December 2, 2020
IBM said the bogus emails were sent to about 10 different organisations but only one target was identified by name: the European Commission’s Directorate-General for Taxation and Customs Union, which has helped set rules on the import of vaccines.
The tech firm said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to make dry ice.
IBM’s Ms Zaboeva said the hacking campaign has no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine “should be topping the lists of nation states across the world”, she said.
On Wednesday, Interpol said it had issued a global alert to law enforcement across its 194 member countries, warning them to prepare for organised crime networks targeting vaccines, both physically and online.
“As governments are preparing to roll out vaccines, criminal organisations are planning to infiltrate or disrupt supply chains,” said Jurgen Stock, Interpol secretary general. “Criminal networks will also be targeting unsuspecting members of the public via fake websites and false cures, which could pose a significant risk to their health, even their lives.”