Last month, a group of security researchers from New York announced that the eight most promising players in the race for the COVID-19 vaccine are particularly at risk of falling victim to targeted cyberattacks with devastating consequences. According to the researchers’ analysis, the vast majority of these companies had several security flaws. On the night of December 10, the time had come.

At a time when people around the world are eagerly waiting for a vaccine against the COVID-19 virus, such a hacker attack would be fatal. This is exactly what pharmaceutical companies are currently focusing on and promising lucrative loot for cybercriminals. The motive is industrial espionage or the extortion of very high ransom demands. The New York researchers cited improper or completely unsecured configurations of the Remote Desktop Protocol (RDP) as a possible gateway.

Attack on the European Medicines Agency

On the night of December 10, 2020, such an attack occurred. Hackers have carried out a targeted attack on the European Medicines Agency (EMA). The cybercriminals managed to steal documents related to the application for approval of the COVID-19 vaccine developed by Pfizer and BioNTech. Fortunately, however, the damage should be limited. According to the companies, the attack has no impact on the review deadlines, production or delivery of the vaccine. How exactly the hackers proceeded is not known at the moment. But both companies assured that no patients – or other personal data – fell into the hands of the attackers.

Not only pharmaceutical companies interesting for hackers

This incident apparently went smoothly – but one does not want to imagine the consequences if the hackers had stolen, manipulated or made inaccessible important and secret information. As early as 2019, BSI President Arne Schönbohm saw pharmaceutical industries increasingly in the focus of cybercriminals. In this context, he also named operators of national water and electricity utilities as particularly at risk. But why do these sectors in particular see themselves exposed to higher dangers? It’s simple. The effects of hacker attacks, which could lead to interruptions or disruptions in operations there, would have far-reaching consequences for the entire population.

The Federal Office for Security and Information Technology (BSI), together with the Federal Office for Civil Protection and Disaster Assistance, has identified sectors that they classify as critical infrastructures, or KRITIS for short. These are systems that play an important role in the community and are essential for maintaining important social functions. These include transport and traffic, water, energy, food, health, but also information technology and telecommunications. According to Arne Schönbohm, these sectors must attach great importance to internal IT security due to their importance to the population as a whole.

How do critical infrastructure organizations protect themselves?

Organizations and facilities that are part of critical infrastructure are given special protection. Since 2011, the National Strategy for the Protection of Critical Infrastructures has summarised all measures taken by the federal government, the states and the stakeholders concerned. Furthermore, the BSI-KRITIS Regulation specifies which information technology systems are important for the functionality of critical infrastructures and which organizational and technical precautions must be taken to secure them. In addition, the ordinance stipulates that all cyber incidents and hacker attacks must be reported to the BSI.

Hacker attacks on critical infrastructures worldwide

The following examples show the extent of a hacker attack on a critical infrastructure:

• In September 2020, a hacker attack took place on the University Hospital in Düsseldorf. For weeks, normal patient care was not possible. In some cases, patients had to be turned away or transferred to other hospitals. Doctors could not access X-rays or computer monograms.
• Shortly before, in July 2020, customer and employee data of an energy company was stolen by hackers in Ludwigshafen. 150,000 people were affected. Particularly piquant: The attack took place in the spring and was not discovered for weeks.
• In 2017, a Saudi Arabian power plant fell victim to hackers. The aim of the attack was probably to destroy the facility. The attack was only noticed because the malware triggered a security shutdown of the power plant.
• And shortly before Christmas 2015, the power went out in Ukraine. More than 700,000 people were without electricity. This blackout was also caused by a hacker attack. According to media reports, the attackers managed to gain access to the system through clever social engineering. In the end, almost 30 substations failed, and almost 300 cities were directly or indirectly affected.

In all likelihood, the threat posed by hackers will not abate in the coming months and years – on the contrary. According to the German government , 171 successful hacker attacks on critical infrastructure facilities were counted in the period from January to the beginning of November 2020. The year before there were 121 and the year before 62. Since these hacks have serious consequences for many of those affected, it is important to monitor this sector particularly closely and ensure that “cyber-secure” systems are in place.