Attacks on biotech and pharmaceutical industry escalate

Attacks on the biotech and pharmaceutical industry had increased by 50% between 2019 and 2020, according to a BlueVoyant report.

The report highlighted that nation-states are ramping up cyber attacks on companies that are developing vaccines, and this is likely to increase as production and distribution gets underway.

The analysis examined open source records of 25 publicly reported attacks that have taken place in the last four years. It set out to define key risks and how COVID-19 has changed the threat landscape.

Establishing that ransomware is still the number one threat vector for this industry, the report identifies the key risks that companies face and the steps they need to take to mitigate these.

Key findings

• The number one emerging threat in 2020 is nation-state espionage aimed at stealing COVID-19 vaccine research data. That said, the top threat overall is still ransomware.
• COVID-19 vaccines are the crown jewels in 2020 with eight of the most prominent companies in the race for a vaccine facing high volumes of targeted malicious attacks. These are often out of proportion to their size and larger attack volumes than well-known pharmaceutical giants.
• Biotech and pharmaceutical companies are under daily attacks which include brute force, phishing attempts, and targeting of vulnerable web applications.
• Attacks are escalating. Of the 25 attacks reported to the media since 2017, 10 (40%) took place in 2020.
• Key defenses against such attacks such as securing open remote desktop access ports and phishing security had not been implemented across most of the observed companies.
• 80% of the 20 companies analyzed showed signs of more targeted attack activity.

Commenting on the research, Jim Penrose, COO, BlueVoyant said: “Pharmaceutical companies develop highly lucrative IP, they handle large amounts of patient and healthcare data and as such are a prime target for criminals looking to compromise, steal and exploit information. Now they face an even more elevated risk environment in the current pandemic as well-resourced nation-state actors mount aggressive and focused campaigns.

“Most organizations in this sector are significantly scaling up their digital platforms but cyber posture lags. They need to continuously monitor new attack vectors. Importantly, once they have secured their own systems, they need to look outward to supply chain cybersecurity because this sector, more than most industries, has interconnected digital business ecosystems with many supply chain dependencies. Supply chain cybersecurity is a critical step in ensuring against third-party cyber risk.”

Key implications

• First, 80% of companies targeted experienced malicious, intentional and focused efforts. Even more troubling, 7 out of 20 showed signs of compromise.
• Second, attackers used automated tools and infrastructure and three quarters used programmatic brute force attacks, meaning they had acquired a credential database and then bought an automated program to target specific companies.
• Third, these incidents occurred without regard to company size, area of focus or geography. The wide distribution of attacks did not follow a clear pattern, which means that organizations were under attack from sophisticated and knowledgeable cyber actors.

Jim Rosenthal, CEO, BlueVoyant, concludes: “The ongoing effort to find a vaccine and cure for COVID-19 is an endeavor we all want to succeed. The high level of cyber risk associated with the firms working on this critical mission ought to be a call for action to take immediate measures to drive down cyber risk.

“Around the globe all citizens want peace of mind that these firms will guarantee confidentiality, integrity, and availability in their research, development, manufacturing, and data management activities as they race against the clock to deliver life-saving breakthroughs.

“We have recently seen the first death of a patient in Germany attributed to ransomware paralysing a hospital’s networks. We need to ensure that the growing surge of attacks against the pharmaceutical sector does not disrupt the delivery of healthcare, and the production and distribution of COVID- 19 vaccines in 2021.”