Covid-19 Vaccine ‘Cold Chain’ Phishing Attacks Target Critical Supply Chain

The risk of unwittingly interacting with impersonated or compromised vendors remains high as cyber criminals continue to leverage the supply chain to carry out attacks. A recent New York Times article based on IBM X-Force research highlighted a Covid-19 phishing campaign that impersonated executives from the vaccine supply chain, where the attacker disguised themselves as a qualified cold storage supplier to harvest credentials and gain unauthorized access to information. 

The attackers attempted to learn how the vaccine is shipped, maintained and distributed. The attacker emailed “we want to place an order with your company,” along with a contract that contained malware. What they planned on doing with the vaccine logistics remains a mystery. It’s unclear whether the attackers planned to steal IP or distribute ransomware.

The race for a vaccine, as well as the subsequent logistics and distribution pressures, puts the spotlight on vulnerabilities within the supply chain. The implications of what could happen if vendors are unwittingly compromised due to a lack of email security protection are profound, and in some cases, a matter of national security and broad public health.

Communications involving the vaccine supply chain are urgent, making it easy for these types of attacks to blend in with legitimate and valid emails. Since the attacks come from trusted yet impersonated or compromised vendor accounts, organizations often cannot detect when an attack is underway until it’s too late. As a result, the probability of financial loss or IP theft is high due to the pressures to get a vaccine distributed. 

These attacks highlight the importance of supply chain security tools like VendorBase, Abnormal’s global, federated database of vendor and customer behaviors, built to stop supply chain compromise. VendorBase continuously monitors communications between vendors and partners and provides a real-time, stateful risk assessment, enabling Abnormal to stop these targeted supply chain attacks.

When Abnormal detects a vendor has been impersonated or compromised in one customer’s environment, VendorBase utilizes that threat intelligence to prevent attacks from the vendor in other customers’ environments. 

VendorBase has federated insights from Abnormal’s network of over 400K vendors

With VendorBase, organizations benefit from continuous reputation and risk scoring of vendors within their ecosystem. To date, VendorBase has over 400K vendors and knows the majority of an organization’s vendors when we connect to its email environment.

