Targeted phishing attacks aimed at business executives and researchers who have access to the supply chain for the COVID-19 vaccine are, not surprisingly, starting to be discovered. With the vaccine arguably the most valuable intellectual property in the world right now, nation-states are clearly anxious about becoming dependent on another country for access to it.
IBM is reporting that it has discovered targeted phishing campaigns that were launched against individuals that have access to a global Cold Chain Equipment Optimization Platform (CCEOP) program that has been set up by Gavi, The Vaccine Alliance, and UNICEF.
The IBM report comes on the heels of a warning issued last month by Microsoft that noted Russian and North Korean hacking groups have been targeting pharmaceutical companies and coronavirus vaccine researchers.
Nation-states have been stealing intellectual property from one another since the dawn of time. Tea grown in India is based on seeds that were originally stolen from China. The cotton gin that transformed the economy in the southern states of the U.S. appeared first in the United Kingdom. Much of the resentment of China in modern times revolves around allegations of intellectual property theft. Hacking is only the modern cyberespionage equivalent of a long-standing tradition where nations steal intellectual property from friend and foe alike.
In fact, Verizon just published a report examining cyberespionage attacks that found the perpetrators were most often affiliated with a nation-state (85%), rather than the attacks actually being launched by a nation-state (8%). Not only is it harder to trace the ultimate beneficiary of these attacks when they are perpetrated by a group that is affiliated with a nation-state, but that approach also avoids any semblance of a direct attack being launched by one country against another.
Based on data originally collected for the Verizon Data Breach Investigations Report (DBIR), the Verizon report also notes that time to compromise was seconds to days (91%), while time to exfiltration ranged from minutes to weeks (88%).
Unfortunately, the report also notes time to discovery is measured in months to years (69%), while time to containment ranged from days to months (79%).
Defending intellectual property
Organizations of all sizes have been trying with mixed success to defend their intellectual property from hackers for decades. The more sensitive the data, the more likely it is there is an air gap between the systems that house that data and the outside world. Even then, if a determined thief can gain physical access to that IT environment, they might already have a fair idea of how to gain access to those systems using some combination of passwords they were able to deduce from stolen credentials found on the Dark Web.
When it comes to defending intellectual property, organizations are on their own. Law enforcement agencies might issue advice, but they are only going to become really involved after a crime has been committed. That’s likely to be cold comfort for an organization that has spent years researching a product only to discover a copy of it has magically appeared on the other side of the world.
Cybersecurity teams are in fact the last thin line of defense for intellectual property that all too often is not especially secure. That simple fact may not always be as well appreciated as it should be, which is why many business leaders owe a debt of gratitude to cybersecurity teams that they can never really repay.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.