Cyber Threats To The Pharmaceutical Industry: Johnson & Johnson Experiencing OT and IT Attacks From Nation State Attackers

As each day passes, so does the increasing amount of security risks with the cybersecurity attack vector. Every organization can easily fall victim to another cyber threat, but recently, the pharmaceutical industry has become a prime target.

The increasing number of attacks on pharmaceutical organizations is due to the ongoing COVID-19 vaccine development and distribution and this has resulted in the pharmaceutical sector becoming the most attractive industry for cybercriminals. A successful vaccine has become one of the most valuable intellectual properties for cyber attackers. Beyond attacking the pharmaceutical formula, its data on testing the drug trials have become a tempting target for nation-state attackers

A recent example of pharmaceutical companies being attacked is when the Wall Street Journal reported that North Korean state attackers have targeted pharmaceutical companies in the U.S., including Johnson & Johnson. This sparked the Chief Information Security Officer at Johnson & Johnson to say in an interview that they are experiencing attacks from nation-state threat actors "every single minute of every single day."

This tale isn't new as in late 2010 North Korean threat actors reportedly targeted UK-based vaccine maker AstraZeneca whose vaccine was co-developed with the University of Oxford. The attack method was spear phishing via social media intending to inject malware by way of offering AstraZeneca employees fake job offers. 

The attack surface of pharmaceutical organizations will only continue to grow and the need for better cybersecurity will become more of a priority as more pharma companies will fall victim which could result in disastrous consequences.

Pharma A Prime Cyber Attack Target 

The pharma industry is no stranger to being targeted by attackers. Pharmaceutical companies suffer more breaches than any other industry as a result of malicious activity with an average breach resulting in a loss of over 5 million dollars according to the 2020 Cost of a Data Breach Report. Nation-state attackers are induced to target pharmaceutical firms for financial profit, which was one of the main goals for the cybercriminal group who launched the reportedly North Korean government-sponsored attacks.

Cyber espionage is now being recognized as another influential reason for state-sponsored attackers attempting to gain technological advantage for their countries’ economies. The pharmaceutical industry's key components are based on innovation with comprehensive R&D investments, intellectual property, and patented data. Anytime any data or property is affected or exploited by an attack it can result in devastating losses which can erode patient and consumer trust.

The 2019 attack on German drug conglomerate Bayer is an example of cyber espionage by a state-sponsored attack. Bayer fell victim to a cyberattack from the Chinese threat actor group known as Wicked Panda. The attackers used the Winnti malware, which makes it possible to access a system remotely and then pursue further exploits once in the system. 

Pharmaceutical Intellectual Property Attacker's Favorite Target

Sensitive information and data are not the only attractive targets of pharma companies that hackers are looking to exploit and gain access to. Nation-state hackers have their eyes on a different prize, intellectual property. Protecting intellectual property has always been a priority for the pharmaceutical industry.

Pharmaceutical products are typically only protected by patent for seven years in the United States, and this data could help foreign generic drug manufacturers to be more ready for the expiration of the patent. For example, Chinese nation-state hackers are targeting US pharmaceutical companies to gather information and share it with Chinese companies to offer an advantage against their western competitors. 

The years of research and development into developing new pharmaceuticals have attracted hackers to exploit intellectual property somewhat enticing. Recent attacks have targeted intellectual property such as information related to the development of a vaccine or other medical mitigation measures.

Another risk that many pharmaceutical companies experience is that the technology used in their manufacturing systems is much older than the internet, which results in systems being extremely insecure. They were originally designed as ‘air-gapped’, or isolated systems and not built to confront any cybersecurity attacks. For pharmaceutical companies, any size attack by an adversary can result in loss of productivity and availability of physical devices. This can lead to safety issues, reputation, financial losses, and even death. 

To fight off different attacks, and the possible exploitation of vulnerabilities, organizations and more specifically enterprises need to address the need to secure the crucial intellectual property while understanding which devices and technologies are at risk. This starts with increasing awareness of nation-state attacks and adopting a more proactive approach to cybersecurity.

What Pharmaceutical Firms Can Do

Pharmaceutical firms need to allocate the right amount of attention and resources to understand what they can do to protect the company’s data and system. The first step is understanding the different risks that come with pharmaceutical manufacturers and systems and what steps are needed to ensure better security.

With the increased attention and awareness of state-sponsored attacks over the past few years, pharmaceutical companies now are understanding the importance of implementing the right security practices when it comes to securing their IT and OT systems. As pharmaceutical manufacturers move forward digitally and continue to modernize their processes with more robotics and IoT technologies, this creates new entry points for attackers to exploit and move laterally within an organization's system and servers. 

In the past, most manufacturers were using stand-alone systems, but with the advancement of technology, they are increasing their connections to the internet to allow third-party contractors and vendors to gain access to work with their equipment. This has forced the security teams at pharmaceutical companies to change their approach to securing their product. 

While not every pharmaceutical company has changed its security approach, there has been a massive increase in awareness which has led to changes in the industry. Some companies, like Taro and Rafa, have taken a more proactive approach when securing their connected OT environments with a passive network monitoring solution, specifically designed for OT environments. This has allowed them to have full visibility into their network, reduce the risk of operational downtime, improve their network security and comply with demanding industry regulations.

As pharmaceutical organizations continue to be on the radar for cyberattacks, now is the time to take action and detect and mitigate any risks. Having the right approach and strategy in place with the right blend of awareness and technology, pharmaceutical organizations can now implement the right approach to securing their data, servers, and intellectual property against cyber attacks.

How SCADAfence Discovered Targeted Ransomware In A Pharmaceutical Facility

SCADAfence’s Incident Response team recently assisted a big pharmaceutical company with an industrial cybersecurity emergency. This research has been published with the goal of assist organizations to plan for such events and reduce the impact of targeted industrial ransomware in their networks.

For more detailed information on this story, download the full whitepaper here: https://www.scadafence.com/resource/anatomy-of-a-targeted-ransomware-attack/