Swiss pharmaceutical organisations confront cybercriminals
Cybersecurity experts have unanimously observed a sharp and dramatic increase in phishing and spearphishing attacks in the themes that most often revolve around coronavirus.
And of course it works because the current context all Internet users and users of several online services risk themselves towards information that they think is important or even essential. Yet the majority of these notifications are beautiful and many pitfalls intended to steal information or install malware on the terminals of these.
It is on the pharmaceutical side that the problem remains. One is made a race against time is engaged in the aim of finding a cure for covid-19. Several laboratories around the world are involved in this project. And of course everyone wants to be first. A race that will of course generate certain malicious behaviors such as industrial espionage. Then the context becomes simple. On the one hand, doctors and researchers who initially try to find a vaccine to the virus that has plunged the world into an unprecedented health crisis, on the other hand, it comes to cyber criminals who are on the lookout, looking for every opportunity to steal its research results. And most often cybercriminals serving foreign states. For example, last May, the United States publicly accused China of repeatedly attempting, through cybercriminals, to illegally break into the computer systems of several U.S. research institutions, with the aim of stealing medical secrets about the search for a cure for disease. The United Kingdom also claimed to have suffered several attacks without accusing anyone in a specific way. As for the cyberattack suffered by the World Health Organization, the Iranian state was the first to be suspected on the issue during the month of April. Not to mention that Russia also with suspects and for this cyber intrusion.
"These actors are being observed seeking to illegally i[…]dentify and obtain data on vaccines, treatments and screenings from the networks and personnel involved in Covid-19 research," the U.S. Federal Police and cybersecurity and infrastructure security agency said in a statement last month.
As mentioned above, cyberattacks have exploded since the beginning of the health crisis. However, another form of impactful cybercrime has been developing for some time. That of spying on medical research institutions. The discovery of coronavirus vaccines has become a strategic and of course geopolitical issue. Every state in the world wants this opportunity to produce this remedy first. It is remembered that during the month of March, the US President tries to negotiate the exclusivity of a potential vaccine when it is discovered. So, will engage behind this competition another race but this time, in the shadows. This time intended to spy on the other in order to steal as much information as possible.
It must be admitted that cyber espionage in particular that intended for theft of intellectual property is usually surrounded by a great secret so that ordinary people can not really soak it up. However some large institutions are known to be generally the target of this kind of act of cyber malice. These include pharmaceutical giant Gilead, German company Bayer, Oxford University, etc.
As far as Swiss pharmaceutical organisations are concerned, the problem is general. They are also affected by cyber-espionage, which is also involved in research into covid-19. But for their part the threats do not seem so concrete, as could be seen in the United States, or in Germany. However: "We are not seeing an increase in cyberattacks," said Nathalie Meetz, a spokeswoman for Roche. "But they are constantly going on and evolving. A lot of our IT staff are working to build safer systems," she adds.
On this side, the Swiss authorities prefer to adopt a preventive attitude. "The National Centre for Cybersecurity (NCSC) has regular contact with research organizations and universities, regardless of the Covid-19 crisis," notes Pascal Lamia, the first head of the Information Security Registration and Analysis Centre (MELANI). He further points out that: "These organisations, as well as other critical infrastructure operators in Switzerland, regularly receive information on the current cyber threat situation." For this reason, MÉLANI "published a directive on telework during the coronavirus crisis." However, it should be noted that in the field of industrial and even scientific cyber espionage, involving a foreign power, the competence of the Intelligence Service of the Confederation which put more emphasis. To this end, a prevention programme called Prophylax has been set up, led by the SRC "for several years with Swiss companies and universities" to protect companies and other organisations from the theft of sensitive data.
Now access an unlimited number of passwords:
