Last month, a group of New York-based security researchers announced that the eight most promising players in the race for the COVID-19 vaccine were at particular risk of falling victim to targeted cyberattacks with devastating consequences. According to the researchers’ analysis, the vast majority of these companies had multiple security flaws. On the night of December 10, such an attack took place.
At a time when people around the world are eagerly awaiting a vaccine against the COVID-19 virus, such a hacker attack would be fatal. The vaccine is exactly what pharmaceutical companies are focusing on at the moment, and that makes them lucrative prey for cybercriminals. The top motives are industrial espionage and the extortion of very high ransoms. The New York researchers primarily named improperly configured or completely unsecured Remote Desktop Protocol (RDP) access as a possible gateway.
Attack on the European Medicines Agency
On the night of December 10, 2020, such an attack occurred. Hackers carried out a targeted attack on the European Medicines Agency (EMA). The cybercriminals reportedly managed to steal documents related to the marketing authorization application for the COVID-19 vaccine developed by Pfizer and BioNTech. Fortunately, however, the damage is said to be limited. For example, according to the companies, the attack did not affect review deadlines, production or delivery of the vaccine. Exactly how the hackers proceeded is currently unknown. However, both companies gave assurances that no patient or other personal data fell into the hands of the attackers.
Not only pharmaceutical companies are interesting for hackers
This incident apparently ended without serious harm, but one would not like to imagine the consequences if the hackers had stolen, manipulated or made inaccessible important and secret information. As early as 2019, BSI President Arne Schönbohm saw the pharmaceutical industry increasingly in the focus of cybercriminals. In the same vein, he also named operators of national water and electricity utilities as particularly at risk. But why do these sectors in particular face higher threats? Simple. Hacking attacks that disrupt or interrupt operations there would have far-reaching consequences for the entire population.
The Federal Office for Information Security (BSI), together with the Federal Office of Civil Protection and Disaster Assistance, has identified sectors that they classify as critical infrastructures, or CRITIS for short. This refers to systems that play an important role for the community and are essential for maintaining important societal functions. These include transport and traffic, water, energy, food, health, but also information technology and telecommunications. According to Arne Schönbohm, these sectors must place a high priority on internal IT security because of their importance to the population as a whole.
How do CRITIS organizations protect themselves?
Organizations and facilities that are part of the critical infrastructure are given special protection. Since 2011, the National Strategy for Critical Infrastructure Protection has summarized all measures taken by the federal government, the states and the stakeholders concerned. Furthermore, the BSI CRITIS Ordinance specifies which information technology systems are important for the functioning of critical infrastructures and which organizational and technical precautions must be taken to secure them. The ordinance also stipulates that all cyber incidents and hacker attacks must be reported to the BSI.
Hacker Attacks on Critical Infrastructures Worldwide
The extent that a hacker attack on critical infrastructure can reach is illustrated by the following examples:
- In September 2020, there was a hacker attack on the university hospital in Düsseldorf. For weeks, normal patient care was not possible. In some cases, patients had to be turned away or transferred to other hospitals. Doctors were unable to access X-ray images or computed tomography (CT) scans.
- Shortly before that, in July 2020, hackers in Ludwigshafen stole customer and employee data from an energy company. 150,000 people were affected. Particularly striking: the attack took place back in the spring and went undetected for weeks.
- In 2017, a Saudi Arabian power plant fell victim to hackers. The aim of the attack was presumably to destroy the plant. The attack was only noticed because the malware triggered a safety shutdown of the power plant.
- And just before Christmas 2015, the power went out in Ukraine. More than 700,000 people were without electricity. This blackout was also caused by a hacker attack. According to media reports, the attackers managed to gain access to the system through clever social engineering. Ultimately, almost 30 substations failed, and nearly 300 cities were directly or indirectly affected.
In all likelihood, the threat from hackers will not diminish in the coming months and years – on the contrary. According to the German government, 171 successful hacker attacks on critical infrastructure facilities were recorded in the period from January to early November 2020. Since these hacks have serious consequences for very many affected parties, it is important to monitor this sector particularly closely and to ensure “cyber-secure” systems.