![]() ![]() Together with nematodes and bdelloid rotifers, tardigrades are known to enter quiescence (with several forms of cryptobiosis: anhydrobiosis, cryobiosis, anoxybiosis, osmobiosis at any stage of their life cycle, from egg to adult. “So with this disclosure we’re trying to not just say, ‘Hey, eat your vegetables.’ It’s come to the point where we’re basically saying the security equivalent of ‘Eat them or you’ll die.Directory of Open Access Journals (Sweden)įull Text Available Tardigrades often colonise extreme habitats, in which they survive using both types of dormancy: quiescence and diapause. “The basic design of many networks in the biomanufacturing field has inherent cybersecurity issues,” he says. ![]() Now a few dozen can flag it, and the researchers hope that even more will add protections. When the researchers first started investigating the malware, only a couple of virus scanners successfully detected it. The BIO-ISAC prioritized coordinating public disclosure so potential victims can look for signs of infection and the broader security industry can be on alert. Additional security and segmentation can complicate a highly choreographed manufacturing process. The stakes are high in biomanufacturing, Fracchia says, because many of the industrial networks used for production are built for openness and efficiency. It's possible that the ransomware attack was a cover for other activity-a tactic that has been used before, including famously by Russia-but the researchers say they have no firm conclusions yet. It is unclear, for example, why attackers would use such a refined and sophisticated tool to deliver something as noisy and visible as ransomware-making it more likely that Tardigrade would be discovered. “But we’ve seen financially motivated, disruptive attacks against health care companies and a variety of cyberattacks against biotech and pharma for espionage purposes.”Ĭarmakal adds that in some cases, these network infections have been traced to malicious USB drives.īioBright’s Fracchia emphasizes that a lot remains unknown about Tardigrade's context and goals. ![]() “Many of these incidents aren’t public, because if you have IP stolen, legally you don’t have to disclose it,” Carmakal says. The Covid-19 pandemic, he adds, created additional incentives for nation state attackers. Carmakal had not reviewed the Tardigrade research ahead of the disclosure, but says broadly that actors like China and Russia have worked consistently to grab intellectual property about enzymes, drugs, and manufacturing processes that could save those countries billions of dollars and years of research and development. Nation state digital espionage against biotech and pharmaceutical companies has been increasingly common, says Charles Carmakal, senior vice president and chief technical officer of the cybersecurity firm Mandiant. The malware is similarly inconspicuous, adaptable, and resilient. The researchers chose the name “tardigrade” in honor of the water bear micro-animals that can survive extreme heat, cold, irradiation, and even crash landing on the moon. The researchers say that Tardigrade seems to be primarily designed for distribution through phishing attacks, but could also spread through tainted USB sticks, or even move from one infected network to another autonomously with the right interconnections. This means that Tardigrade can still make decisions about how to proceed within a victim network even if it gets cut off from the hackers who deployed it. What's more, they say, the malware is “actively spreading” in the biomanufacturing industry. While they're not making an attribution about who developed the malware, they say its sophistication and other digital forensic clues indicate a well-funded and motivated “advanced persistent threat” group. Today the cybersecurity nonprofit Bioeconomy Information Sharing and Analysis Center, or BIO-ISAC, of which BioBright is a member, is publicly disclosing findings about Tardigrade. They found that the malware could adapt to its environment, conceal itself, and even operate autonomously when cut off from its command and control server. Then there was the malware they had used: a shockingly sophisticated strain dubbed Tardigrade.Īs the researchers at biomedical and cybersecurity firm BioBright dug further, they discovered that Tardigrade did more than simply lock down computers throughout the facility. The attackers left only a halfhearted ransom note, and didn't seem all that interested in actually collecting a payment. When ransomware hit a biomanufacturing facility this spring, something didn't sit right with the response team. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |