- The health-care sector has been a big target of hackers in recent years, with hundreds of millions of attempted attacks on its clients, according to VMware Carbon Black.
- The Covid-19 vaccine effort gives cyber-criminals a new cache of private information to steal and sell on the dark web.
- Organizations securing the data of patients receiving Covid vaccine shots will be vulnerable and public trust in the vaccine effort is at risk, writes Tom Kellermann, VMware Carbon Black's head of cybersecurity strategy.
The Covid-19 vaccine has been a constant target for cybercriminals from creation to deployment. In December 2020, it was reported that vital vaccine data was accessed by hackers through a European regulator's systems. More recently, it was revealed that documents accessed in that breach were manipulated before being leaked on the dark web, creating concerns about ways they might be leveraged in the future.
These incidents underscore the threat that cyberattacks targeting Covid-19 could pose to the public, but the risks don't stop there. Researchers have already detected ongoing campaigns aiming to take advantage of individuals seeking access to the vaccine, and even personal data being sold on the dark web.
According to recent data, an estimated 239.4 million attempted cyberattacks targeted VMware Carbon Black health-care customers last year. We also found an average of 816 attempted attacks per endpoint in 2020, which represents a 9,851% increase from 2019. In order to minimize disruptions to the health-care industry, and especially to the vaccine's deployment at the hands of malicious actors, we all need to be aware of the tactics and threats that currently exist, as well as steps we can take to protect ourselves and others from cyberattacks.
As we look at the cyberthreats facing the Covid-19 vaccine supply chain, it is helpful to break the conversation down into two distinct constituencies: those creating, distributing, and tracking the vaccine, and those receiving it. By its very nature, the health-care industry is responsible for the rollout of the vaccine. Research has consistently shown that health care remains one of the most targeted and vulnerable industries to cyberattacks due to the sensitivity and value of the data it utilizes, as well as the difficulty of securing the disparate systems on which it operates. The increased focus on this sector by hackers due to the vaccine has only compounded this problem.
As vaccine rollouts continue around the world, organizations involved in the registration and tracking of distribution should expect to be a prime target for cybercriminals. Hackers will direct intrusion efforts towards these institutions in attempts to access the valuable personal data they will need to collect from customers and constituents. Beyond seeking data to sell on the dark web for monetary gain, we can also expect breaches to bear the more destructive objective (in line with recent trends) of disrupting the vaccine distribution chain and slowing delivery of the vaccine to those who need it.
For individuals seeking the vaccine, the cyber threat will take on a different form. Already, we have seen a slew of attacks targeting those waiting in line for the much-anticipated vaccine. These threats have come in the form of watering hole attacks, where unsuspecting victims are directed to a phishing website or portals and prompted to enter sensitive data which is then delivered directly into the hands of hackers. From there, the hackers take the data and put it for sale on dark web forums, offering promises of account breaches and identity theft to the highest bidder.
An example of one of these watering hole attacks was recently shared by a security researcher on Twitter. The fake website, targeting users in Turkey, directs users to download an application to apply for a vaccine. In reality, users are downloading a popular banking Trojan known as "Cerberus," which would then be used to steal valuable data from a victim's device.
When the threats outlined above come together, they present very serious and potentially damaging consequences for an efficient and effective vaccine rollout. Aside from the obvious impact of disruptions to vaccine distribution, a loss in public trust owing to breaches around the rollout must also be avoided.
Fortunately, there are basic best practices both individuals and organizations can take to gain "cyber immunity," that if employed on a broad scale, can significantly reduce the risk of vaccine-related cyber attacks.
● Segmentation: Wherever possible, networks should be kept separate. For organizations, traffic between them should be limited by strict policies. At home, individuals should use multiple router networks, assigning one for personal use and the other for professional activities.
● Multi-factor authentication: Organizations and individuals alike should implement MFA wherever possible, as this second layer of protection provides a significant deterrent against hackers seeking easy intrusions.
● Manage vulnerabilities: Most cyberattacks exploit unpatched vulnerabilities. Ensure that you automate the deployment of critical updates to all operating systems and applications.
● Behavior anomaly detection and prevention on endpoints: The ability to detect abnormal and anomalous behavior on networks is too great a task for human beings. State-of-the-art automated endpoint protection platforms (EPP) must be employed across networks and endpoints to ensure that intruders are detected the moment they enter a system. Once installed, threat hunting must be conducted regularly. Threat hunting occurs when security teams actively seek out behavioral anomalies rather than relying on alerts.
● Exercising caution: Social engineering attacks, where hackers attempt to use current events such as the coronavirus and vaccine rollout to trick potential victims into sharing sensitive information or downloading malware, remain a popular strategy for attackers. This applies to organizations and individuals equally. The best defense against these attacks is to always be careful of what you click. If something looks fishy, it probably is. Finally, do not click on hyperlinks. Rather, cut and paste them into a browser and inspect the URL so you know where they're taking you before you get there.
As is the case with Covid-19 itself, taking the proper precautions is not only in your own interest, but also in the interest of those around you. Implement these cybersecurity best practices to mitigate a digital pandemic and thus ensure that the vaccine is delivered to those who need it as quickly and securely as possible.
When it comes to cybersecurity, vigilance is key. Stay alert and be proactive as your reputation and digital health depend on it.
—By Tom Kellermann, head of cybersecurity strategy, VMware Carbon Black, and a member of the CNBC Technology Executive Council