With the COVID-19 vaccine distribution right around the corner, researchers from IBM’s Security X-Force have just uncovered a phishing campaign targeting companies associated with The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan. The goal of this campaign is likely to gather intelligence about how the vaccine will be stored and transported to understand the entire cold chain process. Initial reports have indicated that the attacks were “sophisticated enough that they pointed to a government-sponsored initiative, not a rogue criminal operation aimed purely at monetary gain”.
This should serve as a notice to all the organizations involved in the production and distribution of the COVID-19 vaccine. Since it must be kept consistently at an incredibly cold temperature to stay viable, one small adjustment in a refrigeration facility could spoil entire batches of it. We discussed the potential consequences of such an attack in our recent webinar on creating a cybersecurity program for building management systems. There have already been instances of something like this happening, such as in 2018 when a disgruntled third-party contractor adjusted the temperature in a refrigerated facility at a grocery store in the Netherlands, destroying critical platelets and insulin.
To reduce the risk of a successful cyberattack on the cold chain, we recommend that organizations take the following actions now:
The COVID-19 vaccine cold chain is a ripe target for cyber criminals, so it’s critical for stakeholders throughout the chain to ensure that their refrigeration facilities are secure as possible. We’re here to help. Connect with one of our cybersecurity experts for advice on what you can do to keep your facilities cyber secure.