Due to the recent growth of the pharmaceutical industry, the value of highly-sensitive data stored in pharmaceutical systems and the degree of the potential damage that cyberattacks on the industry can cause, it is safe to say that pharma could be one of the most targeted industries by cybercriminals in 2023. Ransomware, phishing attacks, business applications and third-party vendors will be some of the biggest threats to this key vertical as we approach the new year.
The threat of ransomware is nothing new, but cybercriminal tactics surrounding ransomware continue to evolve, making the pharma industry more susceptible to these kinds of attacks now than ever. With the ongoing COVID-19 pandemic, ransomware groups’ attraction to pharma and life sciences organizations is at an all-time high, given the classified information, research and vaccines stored in these systems. We have seen targeted attacks in this sector over the last few years with REvil/Sodinokibi, Egregor and Conti. In 2021, there was a 44% spike in cybercrime within healthcare organizations.
Double extortion, a tactic that involves combining high ransom demands with the threat of making private information available to the public, is becoming a popular technique for ransomware groups. Attackers are able to find the best places to encrypt systems during an attack by lurking in a target’s network for some time, completely undetected. Ransomware tactics are increasingly successful in extracting sizable payments from unwitting victims at a time when trust is essential to any organization’s reputation and performance.
The number of phishing attacks targeting the pharmaceutical industry between December 2020 and February 2021 increased by 189%. During this same time period, there was a 530% increase in phishing attacks specifically related to vaccines. Threat actors were able to create fake websites pretending to be pharma companies offering COVID-19 vaccines, and then steal credentials when users attempted to sign in. Unfortunately, pharma organizations involved in developing COVID-19 vaccines, and vaccines in general, continue to be hot targets for cybercriminals. As the COVID-19 pandemic continues, and as new cases are reported every day and new booster shots roll out, we can expect these targeted attacks on pharma organizations offering vaccines to continue.
With the increases in attacks on business applications highlighted by the latest technical alerts, as well as current activity alerts from CISA and the shift in focus toward the pharma industry by threat actors, there is a weak spot that threat actors will continue targeting in 2023 – business-critical applications. These applications are vital to keeping pharma industry operations up and running properly and have been consistently overlooked from a security standpoint.
Third-party vendors providing critical services to pharmaceutical organizations are low-hanging fruit to cybercriminals looking for an easy win. While most internal systems of pharma organizations themselves are secure and equipped with robust cybersecurity measures to keep these cybercriminals out, it is likely that outsourced vendors for services like sales, IT and reporting are not as well-equipped – over half of 2021’s data breaches were connected to third-party vendors.
The average cost of a data breach in the pharmaceutical industry surpassed $10 million in 2022, making it the most costly across all industries and sectors. When the breach involves a third-party vendor, these costs increase significantly.
The pharmaceutical industry houses some of the most valuable data and technology in our world, which places a massive target on this industry’s back when it comes to malicious cybercriminals. Not only is patient data a hot target for these criminals, but advances in technology, drugs, clinical trials and other highly-sensitive research projects are also accessed through these same systems that continue to be preyed upon. In order to secure databases in the industries that are most critical to our quality of life, organizations must familiarize themselves with the biggest potential threats heading into the new year and how to protect themselves – through robust cybersecurity controls and trusted partners.
About JP Perez-Etchegoyen
As CTO, JP leads the innovation team that keeps Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs.