By Bruce Sussman
Thu | Nov 19, 2020 | 3:00 AM PST

Somewhere, hackers are laughing behind their keyboards, as the world begs them to stop attacking healthcare during a global pandemic.

The latest plea is coming from Microsoft executives. 

Microsoft President Brad Smith spoke at a global conference recently where he shamed attackers and called for worldwide action:

"Cyberattacks on healthcare institutions responding to the COVID-19 pandemic are unconscionable. We need world leaders to come together and condemn this behavior by affirming and enforcing international laws to protect frontline workers and critical research."

Microsoft reveals details of cyberattacks on coronavirus research

And according to a new post from Tom Burt, Microsoft Corporate Vice President for Customer Security and Trust, many recent attacks are nation-state-backed and threaten the very vaccine and therapeutic research the world is hanging its hopes on:

"...we're sharing more about the attacks we've seen most recently and are urging governments to act.

In recent months, we've detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19.

The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium."

And these are not just plain old vanilla vaccine makers under attack. No, these are organizations working on vaccines to defeat COVID-19:

"Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials. One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work."

Password brute force and phishing attacks target vaccine makers

And Microsoft VP Tom Burt detailed the attack vectors, or methods, used by nation-state-backed hackers. One technique is used by the Russian-backed threat actors:

"Strontium continues to use password spray and brute force login attempts to steal login credentials. These are attacks that aim to break into people's accounts using thousands or millions of rapid attempts."
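For defenders, the two patterns named in that quote leave different shapes in authentication logs: a spray tries a few passwords across many accounts, while brute force hammers one account. The sketch below is an added example, not from Microsoft or the original article; the thresholds, event format, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them to your own baseline.
WINDOW_SECONDS = 600
SPRAY_MIN_ACCOUNTS = 5      # many accounts tried from one source
SPRAY_MAX_PER_ACCOUNT = 3   # ...with only a few guesses each
BRUTE_MIN_ATTEMPTS = 10     # many guesses against a single account


def classify_sources(events):
    """Label sources by the shape of their failed logins in a sliding window.
    events: iterable of (epoch_seconds, source_ip, username, success)."""
    failures = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failures[src].append((ts, user))

    findings = defaultdict(set)
    for src, rows in failures.items():
        rows.sort()
        start = 0
        per_user = defaultdict(int)
        for ts, user in rows:
            per_user[user] += 1
            # Slide the window: drop failures older than WINDOW_SECONDS.
            while ts - rows[start][0] > WINDOW_SECONDS:
                old_user = rows[start][1]
                per_user[old_user] -= 1
                if per_user[old_user] == 0:
                    del per_user[old_user]
                start += 1
            if max(per_user.values()) >= BRUTE_MIN_ATTEMPTS:
                findings[src].add("brute_force")
            elif (len(per_user) >= SPRAY_MIN_ACCOUNTS
                  and max(per_user.values()) <= SPRAY_MAX_PER_ACCOUNT):
                findings[src].add("password_spray")
    return dict(findings)


# Constructed sample events (documentation IP ranges, invented usernames).
SAMPLE = (
    [(1000 + i * 20, "203.0.113.7", f"user{i:02d}", False) for i in range(8)]
    + [(2000 + i * 2, "198.51.100.9", "admin", False) for i in range(12)]
    + [(3000, "192.0.2.4", "alice", False), (3030, "192.0.2.4", "alice", True)]
)

if __name__ == "__main__":
    for source, labels in classify_sources(SAMPLE).items():
        print(source, sorted(labels))
```

Grouping by source address alone misses sprays spread across many addresses, so in practice this check is paired with per-account lockout and multi-factor authentication.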

Meanwhile, the North Korean actors are utilizing phishing emails:

"Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters. Cerium engaged in spear-phishing email lures using Covid-19 themes while masquerading as World Health Organization representatives."

IP theft likely a primary driver behind pharma cyber attacks

How much, exactly, is the recipe for a COVID-19 treatment or vaccine worth? What would it mean to a country like Russia, China, North Korea, or a competing drug maker?

That's a question SecureWorld discussed with a cybersecurity attorney who discovered a cyberattack against the World Health Organization just as COVID-19 swept the globe.

During a podcast interview, Alexander Urbelis detailed how he uncovered a live, sophisticated cyberattack against the WHO. And, he explored the benefits of a successful attack:

"I mean, the timing, obviously in the midst of the coronavirus world hysteria. Any nation that could acquire or any company that could acquire an advanced preview of the World Health Organization statistics with respect to the pandemic itself and its proliferation in other countries or information or intelligence with respect to palliative care vaccines underway, and all of this information could give a country or private industry or even I daresay investors, a massive leg up in terms of competitive business as well as nation-state level intelligence."


Big pharma frequently faces IP theft related cyberattacks

These attacks sound scary; they sound cold-hearted. And the stakes are extremely high at this point in history. 

However, they are hardly new.

Following her keynote presentation at SecureWorld Philadelphia last year, I interviewed Dawn-Marie Hutchinson, who is Information Security Officer for R&D at GlaxoSmithKline (GSK).


Here is how she described threats to pharmaceutical companies:

"Every industry has a different set of threat actors. And the first thing we do when we do threat mapping is we talk about, who are they? We're likely looking at cyber espionage: other companies looking to interfere with our production, or nation-state actors at work because providing cutting-edge medicines to their people is important.
When we look at nation-state actors, 9 out of 10 times they're looking to steal information."

That dovetails perfectly with the motives Alexander Urbelis discussed. And it leads us back to where we started this story and that call by Microsoft executives demanding cyberattacks of this nature stop.

And while hackers may laugh off requests like these, the tech giant says leaders around the world have the power to stop the attacks originating within their borders, regardless of who is launching the attack:

"Microsoft is calling on the world's leaders to affirm that international law protects health care facilities and to take action to enforce the law. We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate—or even facilitate—within their borders. This is criminal activity that cannot be tolerated."

Will the high stakes around COVID-19 finally force the world to work together on cybercrime? Is that goal obtainable? We shall see.