The cyber teams at IBM and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a dire warning today. They said that hackers are threatening what may be the most critical industries in the world right now: the companies in charge of delivering COVID-19 vaccines.
In this case, it’s called the “cold chain” because the early vaccines have to be kept at very low temperatures, and everything has to be tracked along the way.
The whole chain is a complex one, from manufacturing plants to freezer trucks and planes to cold storage at medical sites, and ultimately into people’s arms around the world.
It is not clear what the hackers are after, but that there’s plenty at stake in this essential cold chain.
The phishing emails start innocently enough, saying, “Good morning! Hope you are doing well.” The messages pretend to come from an executive at a global refrigeration company, asking for information.
If the email recipient clicked and typed in a username and password, the bad guys would get those login credentials.
Chris Painter, the former top cyber diplomat for the United States, warned, “You could use those credentials to get deeper into a computer system, to get to more sensitive areas. Essentially your credentials could be like the keys to the kingdom. Once you’re inside you could do a lot.”
For instance, criminals could steal the vaccine formula or pilfer the product and sell it on the side, or hold up delivery and demand ransom.
Also, Prashant Yadav, a fellow at the Center for Global Development, said that “if the hackers work for governments with vaccine supplies, they could also learn product delivery schedules and prices, and offer to sell their vaccines earlier, or cheaper.”
Yadav further noted that while pharmaceutical firms may have cyber defenses in place, delivery and logistics companies often do not.
“Smaller cargo operators, smaller airport clearing agents, those are the groups who have not equipped themselves with the kinds of measures that are needed to mitigate these risks,” he said.
If one spot in the vaccine chain is compromised, it could risk the whole delivery system, because everything is connected and monitored by GPS and digital apps.
“We are increasingly connecting these types of systems to networks so that we can remotely manage them. But any time you add software to something, you add vulnerability,” said Beau Woods, a consultant with a grassroots digital security group called I Am The Cavalry.
Today’s warning from IBM and CISA said the hacking targets are outside the U.S., though an American cold chain company said two weeks ago that its network was attacked.
As a nonprofit news organization, our future depends on listeners like you who believe in the power of public service journalism.
Your investment in Marketplace helps us remain paywall-free and ensures everyone has access to trustworthy, unbiased news and information, regardless of their ability to pay.
Donate today — in any amount — to become a Marketplace Investor. Now more than ever, your commitment makes a difference.
