“It is going to be a problem and it is going to get bigger. The whole supply chain of providing these vaccines is going to be done via cyberspace, so it is a big risk.”
SOUTH Africa can expect cyber threat activity targeting the vaccine distribution chain, cyber security experts have warned.
While many countries have begun with the rolling out of Covid-19 vaccines, cyberattacks on vaccine manufacturers and distribution companies are on the rise.
As South Africa plans to kick off its vaccination programme in just a few weeks, the director of the Centre for Cyber Security at the University of Johannesburg (UJ), Professor Basie von Solms, says the country should brace itself for such threats.
“It is going to be a problem and it is going to get bigger. The whole supply chain of providing these vaccines is going to be done via cyberspace, so it is a big risk,” said Von Solms.
“The people that have access to sensitive data, they must be trained and be aware of the attacking methods that cybercriminals use because hackers normally go for the weakest link in the supply chain and in this case it is the end user; the person who is handling the computer,” he said.
Interpol issues a warning
Interpol has warned law enforcement about the pending threats and that they should be prepared to deal with Covid-19-related scams and cybercrime over the coming months.
“It is essential that law enforcement is as prepared as possible for what will be an onslaught of all types of criminal activity linked to the Covid-19 vaccine, which is why Interpol has issued this global warning,” said Interpol secretary-general Jürgen Stock.
In addition to the Covid-19-related cybercrimes, Interpol’s Cybercrime Unit revealed that of 3,000 websites associated with online pharmacies suspected of selling illicit medicines and medical devices, around 1,700 contained cyberthreats, especially phishing and spamming malware.
The warning comes after IBM Security X-Force uncovered a global phishing campaign targeting organisations associated with a Covid-19 cold chain.
According to the IBM researchers who uncovered the campaign targeting the vaccine cold chain, inside knowledge about vaccine transport plans could be of enormous value on the black market.
Attempted cyberattack on AstraZeneca
According to a Reuters report, an unsuccessful cyberattack attempt was made on vaccine maker AstraZeneca.
It is alleged that hackers acted as recruiters and contacted employees on online networking platforms like LinkedIn and WhatsApp with fake job offers. After the bait, they sent job descriptions through documents filled with malicious viruses that would allow access to AstraZeneca’s systems.
Last week, the European Union’s drug regulator announced that the Covid-19 vaccine documents stolen from its servers in November by hackers were not only leaked to the web, but “manipulated”.
“Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines. This release has a significant potential of sowing distrust in the EMA process, the vaccines, and vaccination in Europe in general,” read a statement from the European Medicines Agency.
ICT infrastructure in South Africa
IT expert Danny Myburgh, of Cyanre, a leading provider of computer forensic services in South Africa, says there has been an increase in the intensity as well as the level of sophistication in cyberattacks in the past couple of months against the health care industry.
“At this stage, the protection of ICT infrastructure in South Africa is very segmented. Many organisations and sectors do have good security although there are many pockets where security is still not a priority,” Myburgh said.
“The unfortunate part is that it only takes one weak link in the chain or one employee that is not safety aware to allow the perpetrators to gain access to the environment.
’’The main problem with security is that a person can never spend enough money to improve security sufficiently,” he said.