JAKARTA - A new type of Windows malware that can continuously adapt to avoid detection has been discovered. According to internet security researchers, this malware targets the biotech industry, including the infrastructure behind vaccine manufacturing.

The warning comes from a non-profit organization called BIO-ISAC, which focuses on sharing information to protect the biotech industry from cybersecurity threats.

The threat raises alarm bells because it goes beyond the usual polymorphic malware, which only rewrites part of its code to avoid detection. In contrast, this malware goes so far as to completely recompile its code during infection, the first time it connects to the internet.

This “metamorphic” capability prevents the malware from leaving a consistent “signature”, making it harder for antivirus programs to recognize it. According to Wired, a security researcher tested the malware nearly 100 times, and “each time the malware built itself up in a different way and communicated differently.”

As a result, BIO-ISAC dubbed the malware Tardigrade, after the micro-organism that can survive extremely hot and cold conditions, including a vacuum. But unlike the real tardigrade, this malware can secretly hijack a computer system to steal and modify files. Additionally, it can spread via both phishing emails and USB devices.

BIO-ISAC first discovered the malware last spring when one of its member companies, Biobright, investigated a ransomware attack at a large, unnamed biomanufacturing facility. Security researchers acquired the ransomware along with the program containing the malicious code, which turned out to be very complicated.

BIO-ISAC has since discovered the Tardigrade malware attacking a second facility. This prompted the group to issue a warning on Monday, November 22, to the biotech industry, saying it believed Tardigrade was "actively spreading in the bioeconomy."

BIO-ISAC stopped short of linking the malware to a specific country, but says it likely belongs to advanced persistent threat actors, who can often be state-sponsored hackers.

The Tardigrade malware also shares some similarities with another malicious program known as Smoke Loader, which has been around since at least 2011 as black market malware, according to Malwarebytes.

To detect threats, BIO-ISAC urges potentially targeted companies to use "antiviruses with behavioral analysis capabilities," and also to remain vigilant against phishing email attacks, which can deliver malware payloads.

"Currently, biomanufacturing sites and their partners are encouraged to assume they are targets and take the necessary steps to review their cybersecurity and response posture," the group added.

