As pharmaceutical companies such as Pfizer race to develop a vaccine for COVID-19, mobile phishing gangs are swapping up their tactics in hopes to get their hands on critical research.
Cybercriminals previously targeted pharmaceutical company employee credentials. However, new research shows that 77 percent of pharmaceutical mobile phishing attempts in the third-quarter of 2020 sought to deliver malware on victims’ systems. This shift, which reflects a 106 percent increase in malware delivery in mobile phishing, shows cybercriminals turning to spyware, remote access functionality and more in order to access “crown jewel” COVID-19 research data from pharmaceutical companies.
“On a global scale, there have been multiple reports of foreign adversaries targeting pharmaceutical industry executives with mobile spear phishing attacks,” according to Hank Schless, senior manager of security solutions at Lookout wrote on Tuesday in an analysis of the trend. “Both the National Cyber Security Centre in the U.K. and the Cybersecurity & Infrastructure Security Agency in the U.S. issued advisories to organizations involved in the COVID-19 response to shore up their security practices. State-sponsored campaigns prove that nation-state virtual espionage is not just an issue for government entities.”
As the pandemic continue to rattle the world, pharmaceutical companies in particular are under speculation as the hunt continues for an effective vaccine. Pharmaceutical giant Pfizer recently announced a vaccine under development, which it said proved 90 percent effective in the latest trials.
Given the current pandemic, any information about a COVID-19 vaccine is highly sought after by cybercriminals – whether for espionage or for ransomware. A ransomware attack in October, for instance, hit eResearchTechnology, a medical software company that supplies pharma companies with tools for conducting clinical trials – including trials for COVID-19 vaccines10. And APT29, a Russia-based advanced persistent threat (APT) group also known as Cozy Bear, reportedly targeted several pharmaceutical research institutions in various countries around the world in July.
Mobile Phishing Rates Spike
In the first quarter of 2020, when COVID-19 was surging globally, researchers saw a spike in pharmaceutical mobile phishing rates – from 7.06 percent in the fourth quarter of 2019 to 15.26 percent in Q1 2020.
“The reason that mobile devices have become a primary target is because a well-crafted attack can be close to impossible to spot,” said Schless. “Mobile devices have smaller screens, simplified user interfaces, and people generally exercise less caution on them than they do on computers.”
Meanwhile, while previously cybercriminals were relying on phishing attacks that attempted to carry out credential harvesting, in 2020, the aim shifted to malware delivery. For instance, in the fourth quarter of 2019, 83 percent of attacks aimed to launch credential harvesting while 50 percent aimed to deliver malware (Of note, some attacks were aimed at both credential harvesting and malware delivery).
However, in the first quarter of 2020, only 40 percent of attacks targeted credentials, while 78 percent aimed to deliver malware. And, in the third quarter of 2020, 27 percent targeted credentials, and 81 percent looked to load malware.
Researchers believe that this shift signifies that attackers are investing in malware more for pharmaceutical companies. For one, successful delivery of spyware or surveillanceware to a device could result in longer-term success for the attacker. Furthermore, said researchers, attackers want to be able to observe everything the user is doing and look into the files their device accesses and stores.
Moving forward, researchers recommend pharmaceutical companies adopt a modern approach that is “built from the ground up for mobile.”
“Employees in pharmaceutical organizations use iOS, Android, and ChromeOS devices every day to stay productive and increase efficiency no matter their role,” said researchers. “This makes them targets for cyberattackers because their devices are a treasure trove of data and a gateway to enterprise cloud infrastructure.”
Hackers Put Bullseye on Healthcare: On Nov. 18 at 2 p.m. EDT find out why hospitals are getting hammered by ransomware attacks in 2020. Save your spot for this FREE webinar on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this LIVE, limited-engagement webinar.