Biomanufacturers are facing persistent malware attacks, says cybersecurity group

The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) has released an advisory following an investigation into an advanced persistent threat (APT) attack targeting biomanufacturing facilities.

Researchers at biomedical and cybersecurity company BioBright began investigating the APT attack after a large, unnamed biomanufacturing facility was involved in a cyberattack in the spring of this year. BIO-ISAC said BioBright identified a malware loader “that demonstrated a high degree of autonomy as well as metamorphic capabilities”.

The APT attack, now named Tardigrade, was also discovered at a second unidentified biomanufacturing site in October.

In the threat advisory, published this week, BIO-ISAC advised biomanufacturing sites and their partners to assume they are targets of the malware and “take necessary steps to review their cybersecurity and response postures”.

Analysis of the cyberattack is ongoing, but BIO-ISAC said it had decided to bring its initial findings to the public’s attention due to the “advanced characteristics and continued spread” of the active APT.

The pharmaceutical industry has been a prime target for cybercriminals for some time, and the development of valuable new Covid-19 vaccines and drugs has only heightened the risk of a security breach for drug companies.

Last November, the National Cyber Security Centre (NCSC) reported that it had defended the UK health sector from 723 incidents between September 2019 and August 2020, with around 200 of the attacks relating to Covid-19.

This year, the number of cybersecurity incidents managed by the NCSC reached an unprecedented 777. The centre said around 20% of the organisations it had supported were related to vaccines and the health sector.