Hackers try to penetrate the vital ‘cold chain’ for coronavirus vaccines, security team reports

The hackers took measures to hide their tracks, and the cyber-sleuths did not name which state might be behind the campaign.

The IBM team said it was not known why the hackers were trying to penetrate the systems. It suggested that the intruders might want to steal information, glean details about technology or contracts, create confusion and distrust, or disrupt the vaccine supply chains.

The hackers probably sought “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the IBM team said.

Because there was “no clear path to a cash-out” as there is in a ransomware attack, there was an increased likelihood of a state actor’s being involved, IBM said. However, the IBM investigators cautioned, it was still possible that criminals could be looking for ways to illegally obtain “a hot black-market commodity” such as an initially scarce vaccine.

The new

Read More

Hackers Target Covid-19 Vaccine Distribution ‘Cold Chain’: IBM

A special freezer manufactured by Binder, seen here in Tuttlingen, Germany in November 2020.

Photo: Thomas Kienzle (Getty Images)

Hackers “assumed to be state agents” have been waging a phishing campaign against pharmaceutical firms and other institutions involved in the forthcoming distribution of a vaccine against the novel coronavirus, IBM announced on Thursday.

In a post on Security Intelligence releasing their findings, IBM Security X-Force researchers wrote that “precision targeting of executives and key global organizations hold the potential hallmarks of a nation-state tradecraft,” adding the unknown hackers likely sought to obtain “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy.” The target, according to IBM, appears to be the “cold chain”—a term for the logistics network that allows vaccines and other drugs to be carried from point of manufacture to distribution in temperature-controlled shipping containers. What the attackers hoped to accomplish is unknown, with possible motives ranging from theft of

Read More

Hackers Are Targeting the Covid-19 Vaccine ‘Cold Chain’

Since the Covid-19 pandemic began, hackers and scammers have focused extraordinary attention on it, whether for espionage or for grift. Now, as pharmaceutical companies prepare to ship long-awaited vaccines, a new round of sophisticated phishing attacks is focused on the complex supply chain that will get them to people in need.

Two of the leading Covid-19 vaccine candidates, by Pfizer and Moderna, have been submitted to the FDA for emergency authorization; the agency is scheduled to evaluate Pfizer’s application on December 10, and Moderna’s one week later. UK regulators approved Pfizer’s vaccine on Wednesday. Which means that the next challenge for both vaccines is transporting them. They must be kept at frigid temperatures—minus 4 degrees Fahrenheit for Moderna, and 94 degrees below for Pfizer—requiring a network of specialists known as the “cold chain.” Today, security researchers at IBM are releasing findings that a campaign has for months targeted a significant

Read More

Coronavirus Vaccine Makers Targeted By North Korean Hackers Who Wanted To Steal Information

KEY POINTS

  • Kimsuky hacker group targeted at least six drugmakers
  • The cyberattacks targeted companies developing COVID-19 treatment
  • Russian and North Korean hackers attacked AstraZeneca in November

A group of North Korean hackers has targeted half a dozen pharmaceutical companies in the United States, United Kingdom and South Korea in a coordinated cyberattack. 

Kimsuky, a notorious hacker group, targeted drugmakers working on potential coronavirus vaccines and treatments as part of an effort to steal sensitive information that could be sold or weaponized by the North Korean regime. 

Authorities said any stolen information could be used to extort victims or give foreign governments a strategic advantage. 

Since August, the hackers have worked to infiltrate U.S. companies Johnson & Johnson and Novavax Inc. The hackers also launched coordinated cyberattacks on South Korean companies Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc., sources told the Wall Street Journal.

Both American drugmakers are working

Read More

iOS Wi-Fi Exploit Could Have Let Hackers Remotely Access Nearby iPhones

Earlier this year, Apple patched an iOS vulnerability that potentially could have allowed hackers to remotely access nearby iPhones and gain control of their entire device.

awdl ios hack beer


Devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research team, the exploit used a vulnerability in Apple Wireless Direct Link (AWDL), Apple’s proprietary mesh networking protocol that enables things like AirDrop and Sidecar to work.

Beer revealed the stunning exploit on Tuesday in a 30,000-word blog post, which shows in detail how a memory corruption bug in AWDL could give attackers remote access to a user’s personal data, including emails, photos, messages, and passwords and crypto keys stored in the keychain.

The vulnerability was discovered by Beer in a 2018 iOS beta that Apple accidentally shipped without stripping function name symbols from the kernelcache, offering a wealth of missing context about how bits of code fit together.

After lengthy investigative work,

Read More

How Hackers Could Trick Unwitting Scientists Into Producing Dangerous Genes

Illustration for article titled How Hackers Could Trick Unwitting Scientists Into Producing Dangerous Genes

Photo: Juan Mabromata (Getty Images)

In a new letter to the editor pulled from the prestigious scientific journal Nature, a team of Israeli researchers pose a frankly wild-sounding question: could a computer hack result in a scientist being swindled into creating a piece of genetic code that’s harmful—or potentially toxic—rather than helpful?

The answer seems to be yes, albeit with some pretty weighty caveats. The “end-to-end cyberbiological attack” described above requires some lackluster cybersecurity chops from both sides of the genetic research supply chain: both the academics who might order genetic materials online, and the labs that might supply those materials back. While this sort of attack hasn’t been seen in the wild yet, the research team behind the letter pointed out that it’s not outside the realm of possibility—especially as more and more genetic research moves into the digital realm.

At the heart of this

Read More

Robots for kids: STEM kits and more tech gifts for hackers of all ages

All the signs were there. If my parents knew then what parents know now, they would have been prepared. But back in the 1960s and 1970s, the maker movement was still far in the future. Robots were something you only saw in movies and awesome TV shows (or as my Mom would often put it, “What in the world are you watching?”). Telling her that Lost in Space wasn’t “in the world” tended to get me the All Powerful Glare of Motherly Annoyance.

But now, if a kid is a natural tinkerer, there are positive outlets for their inclination. There are great STEM (science, technology, engineering, and mathematics) kits and toys that can ignite a kid’s interest and focus it on learning, while at the same time making learning fun.

In this guide, we’re focusing mostly on the technology and engineering areas, providing you with some great kits and toys

Read More

Xbox Live Bug Let Hackers Access Gamertag Email Addresses

A bug in Xbox Live allowed hackers to find any email associated with a registered gamertag. The site used to report bad behavior in the Xbox online community was hiding a vulnerability that allowed hackers to snag user email addresses.

that last week an anonymous hacker reached out to them claiming to be able to find the email attached to any Xbox gamertag. Motherboard verified the hacker’s claims by sending them two gamertags, one of which was created specifically for this testing. Within seconds the hacker sent back the email addresses these tags were registered with. Normally, these email addresses are supposed to be private. Another anonymous hacker told Motherboard that the bug could be found in the . This page is where players can contact the Microsoft team that monitors Xbox’s online communities.

Despite the apparent threat to customer security, Microsoft’s original response to this security breach was not

Read More

Hackers could steal a Tesla Model X in minutes, security researchers say

It was the latest security experiment from the COSIC group at the University of Leuven in Belgium, which had previously found a similar vulnerability with Tesla’s Model S luxury sedan, where a key fob was also to blame.

The researchers said they were able to break into the SUV, which starts at $80,000, using a few hundred dollars’ worth of equipment.

Researchers noted that process took about 90 seconds.

The researchers, who informed the company of their findings on Aug. 17, said Tesla is rolling out an update intended to address the issue. An over-the-air software update is being pushed to the key fobs, they said, which will better lock them down.

Wired was first to report on the vulnerability. Tesla did not respond to a request for comment.

Lennert Wouters, a PhD student at the COSIC research group, said in an email that the problem is not necessarily unique

Read More

Boom In Demand For Friendly Hackers As 5G Approaches

As the number of online devices surges and superfast 5G connections roll out, record numbers of companies are offering handsome rewards to ethical hackers who successfully attack their cybersecurity systems.

The fast-expanding field of internet-connected devices, known as the “internet of things” (IoT) which includes smart televisions and home appliances, are set to become more widespread once 5G becomes more available — posing one of the most serious threats to digital security in future.

At a conference hosted by Nokia last week, “friendly hacker” Keren Elazari said that co-opting hackers — many of whom are amateurs — to hunt for vulnerabilities “was looked at as a trendy Silicon Valley thing six to eight years ago”.

The "internet of things" will provide cyber criminals with new ways to exploit faults in personal security systems The “internet of things” will provide cyber criminals with new ways to exploit faults in personal security systems Photo: AFP / NICOLAS ASFOURI

But “bug bounty programmes” are now offered by organisations ranging from the

Read More