Posted on November 25, 2021 at 4:56 PM
A recent report says that U.S. bio-manufacturing facilities are actively being targeted by some hacking syndicates. According to the report from the Center for Bio-Economic Information Sharing and Analysis (BIO-ISAC), the threat actors are using the Tardigrade malware to exploit their targets. BIO-ISAC noted that the new wave of attacks was discovered in the spring, but it reappeared last month when the malware was used to attack a second facility.
The Threat Actors Use A Complex Loader To Plant Malware
Bio-manufacturing sites and their partners have been advised to consider themselves targets and are required to take actionable steps to protect their systems.
The report also revealed that some of the bio-manufacturing facilities may be involved in the production of COVID-19 vaccines. The cybersecurity group also admitted that the threat actors seem to be using a higher level of sophistication that makes the attack very potent.
BIO-ISAC says it has been investigating the activities of the ransomware group and is going public to alert those facilities that may be targeted.
Apart from using the Tardigrade malware, the threat actors also use a highly complex loader, the software that plants the malicious content into the system.
The security researchers are concerned that the threat actors are actively spreading the malware in the biomanufacturing sector. The malware also demonstrates an ability to evolve and disseminate – which are unusual features of malware.
State-Sponsored Actors Suspected In The Attack
According to the researchers, the initial attack affected computers across the bio-manufacturing unit. However, unlike other ransomware attackers, this threat group did not seem eager to demand a ransom payment. This means that the hackers may be launching their attacks for some other reason. It’s also an indication that they may be operating on the orders and with the support of a government.
BIO-ISAC stated that the attackers may be motivated by theft of intellectual property and espionage, as well as the plan to disrupt operations.
More importantly, the malware may be designed specifically to target bio-manufacturing facilities.
The report comes after several security agencies reported attacks on medical and health facilities involved in the manufacture of COVID-19 drugs and vaccines.
In February, some researchers claimed that threat actors backed by the North Korean government launched attacks on pharmaceutical giant Pfizer. At the time, the report revealed that the threat actors were trying to steal information about Pfizer’s BioNTech-partnered COVID-19 vaccine.
Number Of Attacks On Bioeconomy Organizations On The Rise
This is not the first time bioeconomy organizations have been targeted by threat actors. There have been more than 15 publicly revealed attacks on these organizations over the past few years, even before the COVID-19 pandemic. However, the attacks intensified during the pandemic. The bad actors have also targeted government agencies, academic institutions, and private companies in the industry.
Moreover, the number of unreported attacks on these organizations is far higher than the number reported. This indicates that threat actors, both individuals and government-sponsored, are looking for more ways to infiltrate bio-manufacturing organizations.
BIO-ISAC also stressed the increasing dangers of attacks on biomanufacturing organizations. It noted that cyberattacks that threaten biological equipment are always regarded as very critical because they can cause heavy damage.
Such attacks can threaten to alter or shut down a function that took a considerable amount of time and money to develop. They also put the integrity and consistency of the entire production stage in jeopardy.
The researchers at BioBright have also been analyzing the Tardigrade malware and loader to understand its features. Their findings so far show that the threat posed by the malware is severe. As a result, they decided to make their findings public to alert everyone.
Pharmaceuticals Are Increasingly Targeted By Threat Actors
According to Callie Churchwell, a senior digital biosecurity analyst at BioBright, organizations need to review the segmentation of bio-manufacturing networks and identify the important equipment that requires protection. They should also carry out offline backups as part of their security against intrusions.
The researchers added that bio-manufacturing sites need to understand that they are constant targets in this new wave of attacks. As a result, they should intensify efforts and take the right steps to review their cybersecurity and response postures.
Deloitte recently released a report, noting that the pharmaceutical industry is usually the number one target of cyber criminals – either state-sanctioned or private. The report also stated that the trend could continue for a longer time as pharmaceuticals move towards increased digitalization.