Sophisticated cybercriminals have been trying to steal COVID-19 vaccine research – and researchers say there’s more of that to come going into 2021. Intellectual property theft will join ransomware, cloud-stored patient data theft and advanced phishing efforts as the main hallmarks of medical-related healthcare cyberattacks for the new year.
That’s according to predictions from Kaspersky researchers, who said to expect advanced persistent threat (APT) threat actors to continue to target any pharma company that makes a significant breakthrough on coronavirus vaccines or therapeutics. They also believe that this will spark diplomatic disputes around the world.
There have already been reported espionage attacks on vaccine-makers AstraZeneca and Moderna.
“The pandemic has turned 2020 into a year of medicine and information technology,” said Maria Namestnikova, researcher with Kaspersky, in a Wednesday posting. “Interest in medical research has, of course, increased too among cybercriminals in particular groups specializing in targeted attacks. This was spurred primarily by the development of a COVID-19 vaccine and its potential significance for the global community. The biggest hullabaloo was around the WellMess campaign, which, according to Western intelligence agencies, sought to steal information about vaccines being developed in Canada, the UK and several other countries.”
Going forward, attacks on COVID-19 vaccine and drug developers, and attempts to steal sensitive data from them, will continue, Kaspersky predicted, as the development race between pharmaceutical firms continues. And, these cyberattacks will have ramifications for geopolitics, with the “attribution of attacks entailing serious consequences or aimed at the latest medical developments is sure to be cited as an argument in diplomatic disputes.”
Ransomware and More
Namestnikova also cited the post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, as big drivers for medical-sector cyberattacks.
“There has been an increase in attacks on medical equipment in countries where the digital transformation of healthcare is only just beginning,” she noted. In 2021, organizations in countries with more developed infrastructure will be in the sights, small and medium-sized businesses (SMBs).
“Protecting patient data and infrastructure is fairly expensive and thus difficult for SMBs to implement at the best of times, let alone during an economic crisis,” she predicted.
Kaspersky’s predictions overview pointed out that 10 percent of all organizations hit by targeted ransomware between January and September this year were hospitals and other medical institutions, with more than two dozen U.S. hospitals hit with Ryuk and other targeted ransomware campaigns in October alone. In the new year, this could translate into better cybersecurity maturity.
“The focus on digital security in hospitals offers hope that 2021 will be the year when cybersecurity and healthcare join forces,” said Namestnikova. “Past experience has shown that painful lessons such as the Wannacry epidemic in 2017 and the coronavirus pandemic in 2020 are the very thing that incentivizes organizations to pay more attention to infrastructure security.”
Other Kaspersky predictions include a rise in patient data leaks from cloud services, thanks to medical organizations’ ongoing transition to cloud infrastructures and storage of personal information in them. This will help make medicine a go-to bait topic for phishing, according to the firm.
“[Medical-related lures] will be with us next year and remain current at least until the end of the pandemic,” she said. “The human factor is one of the most important components of many attacks, and information about new regulatory restrictions, potential treatments and patient health will continue to attract user attention. Leaked medical records will also become part of the hook in targeted attacks, since accurate patient information will make fake messages far more credible.”
Put Ransomware on the Run: Save your spot for “What’s Next for Ransomware,” a FREE Threatpost webinar on Dec. 16 at 2 p.m. ET. Find out what’s coming in the ransomware world and how to fight back.
Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, and other security experts, on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. Register here for the Wed., Dec. 16 for this LIVE webinar.