Biomanufacturing facilities in the US are being actively targeted by an anonymous hacking group leveraging a new custom malware called ‘Tardigrade’.
In a new threat advisory, the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) claimed this week that the first attack was launched using this new malware in spring 2021, followed by the second assault in October.
New malware strain
According to BIO-ISAC, Tardigrade possesses advanced features and is supposedly the work of an advanced threat detection group or a nation-state intelligence service. The malware is primarily used for espionage though it can also cause other issues including network outages. The recent assaults are also believed to be linked to Covid-19 research as the pandemic has shown just how crucial biomanufacturing research is when creating vaccines and other drugs.
Tardigrade’s functionality includes a Trojan, keylogger, data theft, and also establishes a backdoor into targeted systems.
There is some debate regarding the origins of the code used in Tardigrade as BIO-ISAC believes the malware is based on Smoke Loader, a Windows-based backdoor operated by a hacking group called Smoky Spider. However, security researchers that spoke with Bleeping Computer believe that it is a form of the Cobalt Strike HTTP.
“The biomanufacturing industry along with other verticals are so far behind in cybersecurity, making them a prime target for bad actors. Cyberattacks mostly happen to those that provide easy access or least path of resistance,” George Gerchow, chief security officer of machine data analytics company Sumo Logic Inc., told SiliconANGLE.
“This is a blatant example of how attackers are focusing on human health during a time of high anxiety, and bioscience is an easy target. The industry is going to have to move quickly to put proper cyber security controls in place. It is going to be a huge mountain for them to climb as some of the companies in the industry have antiquated technology, lacked the proper skill sets, and relied too much on legacy security tools,” Gerchow added.
The BIO-ISAC report recommends the following steps for biomanufacturing sites that will enhance the security and response postures (i) Scan your biomanufacturing network segmentation, (ii) Collaborate with biologists and automation experts to design a full-proof analysis for your firm, (iii) Employ antivirus with behavioral analysis capabilities, (iv) Participate in phishing detection training (v) Stay vigilant.