Content

Dr. Reddy Labs discloses cyberattack soon after getting ok for final COVID vaccine trial

Indian pharmaceutical company Dr. Reddy Laboratories reported a cyber attack about a week after the company was granted permission to begin its final stage trials for a Russian COVID-19 vaccine.

In a statement released by Dr. Reddy’s to the National Stock Exchange of India, Chief Information Officer Mukesh Rathi said the company had isolated all data centers services and took required preventive actions. Rathi added that Dr. Reddy’s anticipated that all services would be up within 24 hours and does not believe the incident will have any major impact on its operations.

Saryu Nayyar, CEO at Gurucul, said the breach against India’s Dr. Reddy Laboratories again shows that there’s no sector of industry that’s safe from attack. 

“While the victim here expects to recover within 24 hours, the attack could have had far greater impact,” Nayyar said. “Given that they are working to conduct second and third stage clinical trials of a COVID-19 vaccine, a significant downtime could have impacted millions by delaying the vaccine.”

Jamie Hart, cyber threat intelligence analyst at Digital Shadows, added that COVID-19 has brought the perfect distraction for threat actors to leverage and exploit, and they have not been shy about targeting pharmaceutical companies throughout the pandemic.

“The sensitive personally identifiable information stored by health care organizations is of high value to financially-motivated threat actors,” she said. “It can be resold on cybercriminal forums and marketplaces and used to facilitate various types of fraud. Financially-motivated attacks are almost certain to continue impacting healthcare organizations in the foreseeable future.”

Chris Hazelton, director of security solutions at Lookout, said attackers are targeting pharmaceutical manufacturers working on COVID-19 vaccines looking to steal trial information and disrupt vaccine research, which may also include the goal of accelerating competing vaccine efforts.

“It's important that pharmaceutical companies provide protection to all the endpoints their employees use,” Hazelton said. “With this intense focus on creating a COVID-19 vaccine, pharmaceutical security teams should assume there are threat actors inside their infrastructure. Under this assumption, they need to proactively hunt for threats in and around the infrastructure to prevent breaches and contain issues at the endpoint.”

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.