Phishing Ploy Targets COVID-19 Vaccine Distribution
by Sara Nguyen
IBM security researchers have discovered an email phishing campaign targeted at companies involved with the cold chain distribution of the COVID-19 vaccine. The attack targeted organizations across multiple countries, including Germany, Italy, South Korea, Czech Republic, and Taiwan.
The hacker impersonated a business executive from Haier Biomedical and sent phishing emails to organizations involved in the COVID-19 “cold chain” process that keeps mRNA-based SAR-CoV-2 vaccines at the right temperature during delivery. The attacks began in September 2020.
The IBM security researchers believe the goal was to obtain credentials to access sensitive data related to the COVID-19 vaccine distribution efforts.
The perpetrator remains unknown, but researchers say “the precision targeting and nature of the specific targeted organizations potentially point to nation-state activity.”
Was any data compromised?
There’s no evidence to determine if the hackers were successful or not. It’s clear though that cyberattacks related to COVID-19 are still occurring on a large scale. Healthcare providers and business associates need to stay alert to protect their data.
How to prevent display name spoofing attacks
Hackers pretending to be high-level executives to gain access to sensitive information is not a new strategy, but it’s an effective one. Employees will often open an email that appears to be from their boss without looking closely at the display name or email address.
IBM and Paubox do have a few recommendations to prevent display name spoofing attacks. These tips include:
- Multi-factor authentication: Your organization should consider using a second form of verification before granting access to data. Not only would a person need to know the login information of an account, but they will also need to enter a randomly generated PIN code sent to a different device or account.
- Employee training: Humans can often be the weakest link in security defense. Employee awareness training regarding email scams can protect your business from cyberattacks.
- ExecProtect: Paubox’s patented ExecProtect feature stops display name spoofing emails from entering your employees’ inboxes in the first place.
Paubox Email Suite Plus has robust inbound security tools to stop email threats, such as phishing emails, spam, viruses, and malware. It easily integrates with your current email provider, like Google Workspace and Microsoft 365. This means that your employees can send encrypted, HIPAA compliant email directly to a patient’s inbox without using client portals or third-party apps.