March 2, 2021

Volume XI, Number 61


March 01, 2021

Subscribe to Latest Legal News and Analysis

Cyber Attackers Threaten COVID-19 Vaccine Distribution Chain

As COVID-19 vaccine approvals and eventual distribution kicks into high gear, there has been a corresponding – and not particularly surprising – increase in cyber threat activity targeting both vaccine producers and other companies involved in the vaccine distribution chain. Most notably, “cold chain” companies responsible for safely storing and transporting the vaccines have been targeted. The problem has become so severe that both the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently issued a joint security alert on December 3, 2020 highlighting the risk to the coronavirus vaccine distribution chain.

The alert from the FBI and CISA follows on the heels of an international security alert issued by Interpol warning that there may be an onslaught of all types of criminal activity linked to the COVID-19 vaccine by organized criminal . On December 2, 2020, Interpol issued an “Orange Notice” outlining   potential criminal activity against COVID-19 cold chain transporters and highlighting the risks associated with online fraud linked to “advertising, selling and administering fake vaccines.”  Interpol warned that, as COVID-19 vaccines get closer to approval and distribution, it will be critical to “ensure the safety of the supply chain and identifying illicit websites and fake products.” Interpol also advised member nations to warn the public about cyber threats associated with websites purporting to offer information about vaccines. Notably, Interpol found that, after reviewing over 3,000 websites of online pharmacies suspected of selling illicit medicines and medical devices, “around 1,700 contained cyber threats, especially phishing and spamming malware.”

The threat alert released by the FBI and CISA   included information provided by the IBM Security X-Force threat intelligence task force, which is dedicated to monitoring COVID-19 cyber threats. For example, the IBM intelligence report highlighted a recent global phishing campaign targeting organizations associated with the COVID-19 vaccine distribution chain, which targeted many leading COVID-19 vaccine producers. As part of this campaign, cyber threat actors sent spear-phishing emails directly to executives involved in sales, procurement, IT, and finance positions at pharmaceutical companies involved in developing vaccines. In addition, the cyber threat actors sent phishing emails in “Requests for Quotations” to COVID-19 vaccine executives throughout the world. The emails contained malicious HTML attachments in order to conduct “credential harvesting” attacks and steal login and passwords for many of the victim’s accounts.

The IBM security intelligence report recommends the following defenses to help combat cyber threats against the COVID-19 distribution chain:

  • Create and test incident response plans

  • Share and ingest threat intelligence

  • Assess your third party ecosystem and assess potential risks

  • Apply a zero-trust approach to your security strategy

  • Use multifactor authentication (MFA) across your organization

  • Conduct regular email security educational training

  • Use Endpoint Protection and Response

Given the proliferation of cyber-attacks against vaccine producers and the COVID-19 vaccine distribution chain, organizations involved in vaccine development or distribution should carefully review and study the recent threat alert from the FBI and CISA. Finally, in these turbulent times, it is critical that everyone remain vigilant of the threats surrounding the entire COVID-19 vaccine distribution chain.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.National Law Review, Volume X, Number 343



About this Author


Jason G. Weiss is an attorney and award-winning law enforcement and cybersecurity professional who served with distinction for over two decades at the Federal Bureau of Investigation. He is Counsel in Drinker, Biddle and Reath’s Information Governance and E-Discovery group, where his practice focuses on cybersecurity incident preparedness and response, compliance with CCPA and other information governance laws and requirements, as well as data analytics, investigations, and e-discovery.

Prior to joining Drinker Biddle, he was most recently a Supervisory Special...

Peter Baldwin, Securities lawyer, Drinker Biddle

Peter W. Baldwin, a former federal prosecutor, defends clients facing white-collar criminal and internal investigations, securities enforcement actions, cybersecurity issues, and other complex civil and criminal litigation matters. Prior to joining Drinker Biddle, Pete spent over eight years as an Assistant United States Attorney in the U.S. Attorney’s Offices for the Eastern District of New York and Central District of California. In this role, he supervised all aspects of criminal investigation and prosecution, first as a member of the Major Frauds Section in the Central...

(212) 248-3147