Lessons Learned from the Vaccine Supply Chain Attack | Supply Chain Risk Management

Like legitimate businesses, threat actors develop strategies and tactics to achieve their goals by taking advantage of security vulnerabilities. Before the December 2020 attack, confirmed by Pfizer, BioNTech and the European Medicines Agency, the hackers did reconnaissance in order to launch a spear-phishing email campaign. As attackers “try, try and try again” to get their hands on sensitive data, organizations must pay attention to cybersecurity basics to improve supply chain protection.

According to , office document phishing skyrocketed during the second half of Q3. In both a sensitive situation, like an election, or during ‘business as usual’, a lack of employee cybersecurity awareness offers a path of least resistance for attackers to infiltrate an organization through methods involving phone, text or email. Spear phishing, the highly targeted form of phishing, includes familiar names, words, phrases and calls to actions, knowing that a recipient is more likely to trust the source.

A click on a malicious email usually does one of two things. It injects something, likely a botnet, into the environment, or it downloads ransomware. A botnet gives hackers control over the computer, so attackers can monitor the environment and gather intelligence in a “slow as you go” way, honing in on the right person and computer for ransomware purposes. 

From a cybersecurity perspective, phishing attacks are an insider threat risk. If personnel are unaware of cyber-hygiene, they’re unaware of the threat they pose. 

Impacts on Vaccine Development and Distribution

Successful attacks on supply chains disrupt critical infrastructure by redirecting information and modifying logistics. Attackers wage ransomware attacks at institutions that have the financial resources to pay ransoms. 

breaches are financially motivated. A single successful intervention through an executive, researcher, scientist, manufacturing line worker, vendor employee or clinic/hospital worker, can unintentionally provide a big payday for attackers. With more companies racing to mass-produce and distribute vaccines, comes more opportunities for assailants to cash in.

A breach can influence vaccine viability…