Report shows pharma industry struggling to handle mobile-based cyber-attacks

Seventy-seven per cent of mobile phishing attempts on pharmaceutical organisations through the third quarter of 2020 intended on delivering malware.
By Sara Mageit
05:10 am
Share

A 2020 Pharmaceutical Threat Report by mobile cybersecurity specialists, Lookout, has examined the challenges healthcare providers are facing.

They have revealed company and employee-owned endpoint devices are providing the gateway for cybercriminals to exploit these services through mobile phishing, application threats, and network-based attacks.

WHY IT MATTERS

Collated from Lookouts customer base data in the pharmaceutical industry, the research contributes to the security telemetry from almost 200 million mobile devices and over 125 million mobile apps while also agregating from security intelligence gained from that broader dataset.

This report explains the key challenges facing life sciences and pharmaceutical organisations along the industry’s supply chain; why protecting intellectual property on smartphones and tablets is a priority; the number of devices running out date operating systems within the pharmaceutical industry and the device encounter rates for mobile phishing, app threats and network-based attacks across Android and iOS devices in this sector.

THE LARGER CONTEXT

The increase of reliance on healthcare data and apps during the pandemic has undoubtedly opened up vunerabilities to cyber-attacks and conversations around incident response. For instance, the government of Qatar’s mandatory COVID-19-tracing app came into question after an Amnesty International investigation exposed a weakness in its configuration that could have left it open for cyber-attacks. 

In the UK, the NHS contact tracing app recently suffered from 'blue screen' error, with many users experiencing difficulties in launching the app. NHS Test and Trace has subsequently published guidance for COVID-19 app glitch on iPhones.

The growing need for cybersecurity and actions to take will be discussed at the Cybersecurity & Incident Response Masterclass at the HIMSS & Health 2.0 Middle East Digital Health Conference & Exhibition. You can register your attendance and find out more here.

ON THE RECORD

The report explains: "The spike in the second quarter of 2020 indicates threat actors targeted pharmaceutical companies during the COVID-19 pandemic by delivering more phishing attacks to mobile devices. They did this because the global shift to remote work meant employees were relying much more heavily on mobile devices to be productive from home. The 106% increase in malware delivery signals the following:

 • Attackers are investing in more complex malware delivery methods and using phishing links to deliver malware to the device.

• Social engineering can convince an employee to download a sideloaded app just as well as it can convince them to enter their login credentials in a fake site.

• Successful delivery of spyware or surveillanceware to a device could result in longer-term success for the attacker.

• Attackers want to be able to observe everything the user is doing and look into the files their device accesses and stores."

Share