Last week, India-based pharmaceutical company Dr. Reddy's Laboratories received permission from the Drugs Controller General of India (DCGI) to begin human trials of a coronavirus vaccine developed by Russia, called the Sputnik V Covid-19 vaccine.
Just days after the announcement, the company was hit with a cyberattack, affecting sites in the U.S., U.K., Russia, India, and Brazil.
Dr. Reddy's response to COVID-19 cyberattack
The exact nature of the attack has not been made public yet.
The company has declined to comment on whether or not its manufacturing facilities have been affected, however, there have been reports that they have temporarily shut down operations at some locations to minimize the impact of the incident.
The company's CIO, Mukesh Rathi, did have this to say regarding the attack:
"In the wake of a detected cyber-attack, we have isolated all data centre services to take required preventive actions. We are anticipating all services to be up within 24 hours and we do not foresee any major impact on our operations due to this incident."
Data integrity is crucial to the pharmaceutical industry, as it ensures the quality of medicines and other products that are used to treat people.
Pharma industry experts say that data breaches can become "serious and critical" events, which is why it can sometimes be best to stop production and analyze the attack to shore up security issues. However, it is not clear if that happened in this case.
Nation-state actor trend: going after coronavirus research
What we do know is that cyber bad actors continue to target COVID-19 related research.
Earlier in 2020, the U.S. and U.K. issued a joint alert explaining that Russia and other nation-state hackers were observed going after coronavirus research.
"The NCSC and CISA are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organisations, and universities. APT groups frequently target such organisations in order to steal sensitive research data and intellectual property (IP) for commercial and state benefit."
Also, suspected nation-state actors launched a cyberattack against the World Health Organization during the heart of the pandemic. SecureWorld interviewed cyber attorney Alexander Urbelis, who uncovered the live, sophisticated cyberattack against the WHO.
Listen to our podcast episode: Coronavirus Cyberattack at the World Health Organization:
What would the motives for attacks like these be? Urbelis has some ideas:
"Any nation that could acquire, or any company that could acquire an advanced preview of the World Health Organization statistics with respect to the pandemic itself, and its proliferation in other countries... or information or intelligence with respect to palliative care vaccines underway. All of this information could give a country or private industry or even I daresay investors, a massive leg up in terms of competitive business as well as nation-state level intelligence."
For more examples of COVID-19 cybercrime, read Coronavirus Cybercrimes: Are these the Lowest?