Security researchers are warning bio-manufacturing facilities around the world that they will be hit by a sophisticated new strain of malware, known as Tardigrade.
The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), which revealed that at least two major facilities working on the production of bio-drugs and vaccines have been affected by the same malware this year, in what appear to be targeted attacks.
Charles Fracchia, founder of BioBright and a BIO-ISAC board member, says that Tardigrade is an APT aimed at Windows computers in the bioeconomy and bio-manufacturing sector “using tools with unprecedented sophistication and stealth.”
At first, Tardigrade may be mistaken for an (unfortunately all too common) ransomware attack, but what sets it apart is its sophistication and autonomy. And, unlike ransomware, any attempt Tardigrade makes to extort money from its victims appears to be half-hearted; it shows far more interest in exfiltrating data and spying on its victims.
Security researchers claim that Tardigrade appears to be a variant of the SmokeLoader malware family, but is far more autonomous: it can select files for modification, move laterally through an organization and perform other actions, such as infecting USB drives, rather than relying on a command and control server.
Fracchia told Wired that Tardigrade took things to a new level:
“This almost certainly started with espionage, but it has affected everything – disruption, destruction, espionage, all of the above. It is by far the most sophisticated malware we have seen in this space. This is eerily similar to other attacks and campaigns by nation-state APTs aimed at other industries.”
Attacks on pharmaceutical companies and the bioeconomy have taken place around the world during the pandemic, as malicious attackers have found that the sector is poorly defended relative to its increased value to society.
For now, as nations fight to protect their citizens from COVID-19, no one is publicly pointing fingers at who may be responsible for the Tardigrade attacks. Instead, the focus is on spreading the message about the threat, out of concern that other bio-manufacturing plants could be affected.
Analysis of exactly what Tardigrade is capable of is still underway, but researchers working with BIO-ISAC say they felt it was right to publish now, after seeing the continued spread of the attack.
Initial infections appear most likely to occur through a malicious email that tricks recipients into opening a file. But the Tardigrade malware can also spread laterally across networks and even infect USB sticks.
Malware researcher Callie Churchwell says one method Tardigrade uses for lateral spreading is network shares, and that it “creates folders with random names from a list (e.g. ProfMargaretPredovic).”
BIO-ISAC recommends that vulnerable bio-manufacturing organizations review their network segmentation, determine which “crown jewels” they need to protect inside their business, test and perform offline backups of key infrastructure, inquire about lead times for critical bio-infrastructure components in case they need to be replaced or upgraded, and “assume you are a target.”
Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect Tripwire, Inc.