The fight against the global COVID-19 pandemic has seen a lot of progress in recent months as working vaccines have now begun to be produced. But, with this development, cyberattacks have made a significant advancement too.
A clear change in the pattern of attacks is now being observed which suggest that cybercriminals are currently focused on disrupting the timely delivery of the COVID-19 vaccine.
Between March-April, cyber threat actors targeted the US Department of Health and Human Services, one of Czechia’s biggest COVID-19 testing labs, World Health Organisation (WHO) and Chinese government agencies.
Now, however, reports are surfacing about massive phishing attacks on the vaccine cold chain (the temperature-controlled environment needed to transport and store the vaccine), manufacturer of the cold chain equipment and some tax and customs officials.
Around three state-sponsored hacker groups originating from Russia and North Korea have attacked seven COVID-19 vaccine makers. While along with them China and Iran have also been accused to be behind the attacks,
So, the question that arrives at this point is – Shouldn’t the targeted effort of disrupting medical supplies amid a global pandemic be considered a more grave crime than hacking itself?
Well, the answer is a resounding yes, but when it comes to the consequences of the crime, little to no action is being taken.
The United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (GGE), in a 2015 report, agreed to adhere to 11 norms of responsible state behaviour in cyberspace.
Within that report, one norm requires that states refrain from conducting any acts which intentionally damages or impairs a critical infrastructure to provide services to the public.
But, in the current scenario, do medical research facilities fall under ‘critical infrastructure’? At least, Australia seems to consider them so.
On April 16, 2020, Australia noted the reports of cyber attacks on critical infrastructure “including healthcare/medical services, facilities and systems, and crisis response organisations”.
At the UN, Johanna Weaver, Australia’s cyber negotiator said that it’s hard to think of anything else more critical than hospitals and health services during a pandemic.
Thus, in March, the UN Open-Ended Working Group in the field of information and telecommunications (OEWG) moved to indicate that they wish to turn that belief into a more formal proposition with the context of international security.
Following up on the same, sometime after Australia, Czechia, Estonia, Japan, Kazakhstan, and the US, in a joint proposal added that “the OEWG underscored that all states considered medical services and medical facilities to be critical infrastructure for the purposes of [the] norms”.
Therefore, currently, in the view of most nations, the latest round of attacks by the cybercriminals is nothing less than a serious violation of the international law, but what is being done about it?
Nothing that is aggressive enough to convey how serious the breach it because there exist many nations that don’t simply permit the misuse of networks within their territories but also encourage it. Then there are states which suppress free speech online and some which actively engage in damaging the critical infrastructure of others themselves. Therefore, to expect them to actually act on the agreed-upon OEWG norms is something that is far from reality.
What is your take on cybercriminals attacking vaccine distribution chain? Let us know in the comments down below. We will keep you updated on all future developments Until then, stay tuned.