Posted on November 19, 2020 at 9:20 AM
Security researchers have revealed that there has been an increased level of mobile phishing attacks on pharmaceutical companies since the COVID-19 pandemic broke out.
With the development of covid-19 vaccine taking center stage in major pharmaceutical companies like Pfizer, mobile phishing threat actors have set their sights on stealing critical research.
In the past, threat actors target the employee credentials of these pharmaceutical companies. But according to new revelations from research, 77% of the mobile phishing attacks in Q3 2020 deliver malware to the victim’s system.
This shows a 100% increase in the rate of mobile phishing attacks on medical research and pharmaceutical companies.
To get hold of the highly anticipated coronavirus vaccine, cybercriminals have intensified their hacking exploits through remote access functionality, spyware, and other methods.
Senior manager of security solutions at Lookout, Hank Schless, reported about the new development
“There have been multiple reports of foreign adversaries targeting pharmaceutical industry executives with mobile spear-phishing attacks,” he said.
A high number of attack cases on pharmaceuticals
Recently, the U.S. Cybersecurity and Infrastructure Security Agency as well as U.K.’s National Cyber Security Center issued an advisory to the pharmaceutical companies and the public at large. The agencies advised those involved in the development of the COVID-19 vaccine to raise their cybersecurity levels and improve their security practices.
The more worrying thing about the threat actors is the level of sophistication used, especially the state-sponsored hacking campaigns. That is the more reason why pharmaceutical firms involved in vaccine development should be more cautious about security.
Phishing campaigns tailored at tablets and smartphones
In the past, the bulk of cyberattacks was on laptops and personal computers. But that is not the case anymore, as these threat actors have seen their attack is usually more successful on smartphones and tablets. And the increased number of smartphone users only means the attacker has to redirect their hacking and phishing activities towards these groups.
The Lookout cybersecurity researchers also revealed that most of the phishing attacks take advantage of the security vulnerabilities in tablets and smartphones.
The security firm analyzed security breach records from more than 125 million mobile apps and about 200 million mobile devices.
Based on the report, the major reason for the increase in attacks targeting mobile devices is the recent shift to remote work due to the COVID-19 pandemic. To be more productive while working from home, employees started relying heavily on mobile devices.
And since these mobile devices have some vulnerability issues, the threat actors are more than likely able to infiltrate the networks of the company through the devices.
Although email is still the most common phishing attack method, hackers now have a wide variety of options to launch attacks due to the different social media platforms and apps people use on their smartphones.
Schless also pointed out that threat actors can socially engineer mobile device users on a wide range of channels, including iMessage, SMS, and 3rd party platforms. The threat actor can use any of the options and tailor their phishing attack towards that option.
In a lot of the cases discovered by researchers, credential harvesting has been the aim of the phishing attacks, with the threat actor tricking the victim to disclose their username and password.
Once the login credentials have been obtained, the cybercriminal can use the employee’s detail to gain access to the company’s infrastructure to steal sensitive data.
Best security practices will curb the attack
The hackers are also tricking their victims into downloading malware into their devices, allowing the cybercriminal to monitor the device in the background. The user may not have an idea there is malware running in the background. While in the device, the malware snoops on the user activities to have access to important files and storage drives.
The level of mobile device use has increased in the pharmaceutical industry. Employees with access to manufacturing, research, and the supply chain network can be targeted by hackers.
Once they succeed in infiltrating the victim’s mobile device, they will have a better chance of snooping to gain access to important company data. As a result, pharmaceutical companies have been warned to beef up their security and educate their employees on best cybersecurity practices.