Interpol: Organized Crime to Capitalize on COVID-19 VaccinesMeanwhile, North Korean Hackers Suspected of Targeting Vaccine Makers
Interpol, the international law enforcement organization, is warning of a potential surge in organized crime activity tied to COVID-19 vaccines. The alert follows recent reports of spikes in alleged cyberattacks by suspected North Korean hackers against companies working on vaccines and treatments.
See Also: The Evolution of Email Security
In a notice issued Wednesday to law enforcement agencies in its 194 member countries, Interpol warns of a potential surge in criminal activities "in relation to the falsification, theft and illegal advertising of COVID-19 and flu vaccines, with the pandemic having already triggered unprecedented opportunistic and predatory criminal behavior."
Examples of potential crimes include advertising, selling and administering fake vaccines, as well as criminal organizations planning to "infiltrate or disrupt" supply chains as governments prepare to roll out COVID-19 vaccines.
Considering the "transnational aspect" of the COVID-19 response and the need for vaccine distribution, many cybersecurity threats are involved, says Stanley Mierzwa, director of the center for cybersecurity at Kean University in New Jersey.
Smaller nonprofit organizations involved in the effort "may not employ the same high-level cyber defenses as the companies developing the vaccines that have much larger security budgets," he says. That's why vaccine developers and manufacturers must take steps to secure the distribution and supply chain, he stresses.
Interpol is advising consumers to use caution when searching online for medical equipment or medicine during the COVID-19 crisis.
In addition to the dangers of ordering potentially life-threatening products, an analysis by the Interpol's Cybercrime Unit revealed that of 3,000 websites associated with online pharmacies suspected of selling illicit medicines and medical devices, more than half - 1,700 - "contained cyber threats, especially phishing and spamming malware," the organization warns.
"It is essential that law enforcement is as prepared as possible for what will be an onslaught of all types of criminal activity linked to the COVID-19 vaccine, which is why Interpol has issued this global warning," Jürgen Stock, Interpol secretary general, said in a statement.
"As international travel gradually resumes, it is likely that testing for the virus will become of greater importance, resulting in a parallel production and distribution of unauthorized and falsified testing kits."
Former healthcare CIO Drex DeFord, executive healthcare strategist at CI Security, says consumers must be on the lookout for potential cybercrime schemes.
"Cybercriminals and those who want to spread disinformation will use 'vaccine news' to entice consumers to click on bad links in phishing emails, or encourage them to go to fake-news websites," DeFord says. "Now, more than ever, consumers need to be vigilant about their information sources, especially when it comes to Covid-19 and the new vaccines."
Alleged North Korean Hacking
Meanwhile, cyberattacks by suspected North Korean hackers on pharmaceutical firms and research organizations involved in COVID-19 vaccine development reportedly continue to spike.
The Wall Street Journal on Wednesday reported that sources allege North Korean hackers have targeted at least six pharmaceutical companies in the U.S., the U.K. and South Korea that are working on COVID-19 treatments. The targeted U.S. firms include Johnson & Johnson and Novavax Inc., the newspaper reports.
In a statement provided to Information Security Media Group, Novavax says its cybersecurity team is aware of ongoing foreign threats.
"We are closely monitoring developments and continually in touch with and working with the appropriate government agencies and commercial cybersecurity experts to address any developments and threats that may emerge. It is our company policy not to comment on any specific cybersecurity activity," the company says. "We are confident we can continue to progress with our COVID-19 vaccine candidate without disruption and that these incursions do not pose a risk to the integrity of our data.
Johnson & Johnson tells ISMG: "We are continually monitoring for activities that would put the systems and data that we are entrusted with at risk. We have robust systems and processes in place to ensure that we remain vigilant and secure across all programs and areas of our business."
Other targeted pharmaceutical firms include three South Korean companies with COVID-19 drugs in earlier clinical trials, Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc., according to the Wall Street Journal.
In a brief statement provided to ISMG, Genexine says, "No actual threat was found from our IT system."
Last Friday, news service Reuters reported that suspected North Korean hackers had also tried infiltrating U.K.-based AstraZeneca, whose vaccine was co-developed with the University of Oxford (see Sizing Up Synthetic DNA Hacking Risks).
In August, Interpol issued a report warning that cybercriminals had shifted their focus from individuals and smaller businesses to governments, critical health infrastructure and major corporations to maximize their profits and disruption during the COVID-19 pandemic (see Global Cybercrime Surging During Pandemic).
In July, government authorities in the U.S., U.K. and Canada issued a joint advisory warning that the Russian hacker gang Cozy Bear - or APT20 - was targeting research organizations involved with COVID-19 vaccine development (see: US, UK, Canada: Russian Hackers Targeting COVID-19 Research).
That same month, the U.S. Department of Justice announced it had charged two Chinese nationals with hacking into the computer systems of hundreds of organizations in the U.S. and abroad to steal intellectual property. Prosecutors say the suspects' activities included probing for vulnerabilities in systems at companies developing COVID-19 vaccines, treatments and testing technologies (see: DOJ: Chinese Hackers Targeted COVID-19 Vaccine Research).