I’ve written before about how during the coronavirus pandemic, hackers have increasingly exploited Windows vulnerabilities to trick people into downloading malware and ransomware to get fast, easy money.
With a recent upsurge of attacks, things are getting worse. And this time around it’s different — people may die from COVID-19 because of the attacks. Hackers are targeting vaccine researchers and manufacturers and the COVID-19 “cold chain” that will be used to keep the vaccine cold enough for distribution around the world.
If those attacks disrupt vaccine delivery, people will die.
In mid-November, Microsoft warned about a wave of Windows attacks against vaccine researchers and manufacturers. In a blog post, the company cautioned: “In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.”
The majority of the targets, Microsoft said, were vaccine manufacturers involved in vaccine clinical trials. The attackers used the typical range of malware to target Windows machines, including spear-fishing as well as “password spray and brute force login attempts to steal login credentials.” In the spear-phishing attacks, emails appeared to come from job recruiters and World Health Organization representatives.