Last February, Forbes magazine released an exclusive that caused a stir in the cybersecurity community. This publication revealed that hackers had managed to break into the systems of the Division of Structural Biology (known as Strubi) at the University of Oxford. The news hit hard, as initially it was feared that the attack could affect the AstraZeneca vaccine, developed in conjunction with this institution. Oxford quickly allayed these fears, insisting that Strubi wasn’t directly involved in the vaccine, although the division is researching with COVID-19 cells that could lead to the development of other vaccines in the future.
The cyberattack ended up being more serious than it first appeared, as it not only threatened traditional systems like lab computers but also targeted the machines used to prepare biochemical samples. Cybersecurity analysts believe that this hit was perpetrated by a financially motivated criminal ring, possibly from Brazil, as in previous cyberattacks they had tried to sell information to APT groups linked to foreign powers.
Weeks before Forbes released this news, we warned in our blog that a cyberattack of this nature could occur. We flagged up research from Ben-Gurion University in Israel, published in the magazine Nature, which suggested that hackers could break in and tamper with the OT systems of biological labs. This hypothesis went beyond simple vaccine information theft: the researchers even considered a terrorist cyberattack in which the composition of drugs could be altered without the lab’s knowledge, in an attempt to harm the population.
What is clear is that both the hypothetical scenario presented by Ben-Gurion and the real-life cyberattack on the University of Oxford can be explained by the scientific race among competing powers, as cyber espionage situations had occurred previously with COVID-19 vaccines, just as we have explained. But they’re not the only cyberattacks related to the virus. As we’ve been reporting since March last year, hackers have exploited the pandemic in many ways:
- Directly: through attacks like those described on vaccine research, but also attacks targeted at hospital systems, as occurred with the provider Interserve or the damage caused by Netwalker ransomware on health centers. According to Antonio Grimaltos, technical officer of the Department of Health at the Valencian Regional Government, we’re in a highly vulnerable situation.
- Indirectly: via phishing campaigns that exploit the interest in COVID-19, like Trickbot did to deploy Ryuk ransomware; but also through the surge in working from home, which increased the attack surface for hackers and enabled them to leverage more vulnerabilities, such as those in remote work platforms.
AI to deal with advanced threats
The cybersecurity analysts who reported the breach at the Oxford labs stressed that we’re dealing with a very sophisticated cyberattack which managed to get around several cybersecurity measures. In other cases, the attackers have sold the information to APT groups linked to governments. Combined with the direct financial extortion they practice, this means we’re definitely dealing with highly skilled professional criminals.
Faced with increasingly dangerous threats from hackers, biomedical research organizations and health institutions need to deploy advanced cybersecurity solutions. These solutions must go much further than traditional ones and be able to detect even the slightest indication of suspicious behavior.
In response, Cytomic Platform uses artificial intelligence techniques and behavioral analysis to detect anomalous patterns that could indicate unauthorized intrusion. It correlates and analyzes more than 8 million interconnected events in real time through AI algorithms and machine learning. This significantly increases the chances of the SOC at medical and hospital research organizations being able to detect threats before they develop to the stage where they cause a security breach like the one at Strubi.