New malware on the rise: Tardigrade targets biotech companies

What do we know so far?

A tardigrade is a very peculiar creature, which can survive extreme conditions like radiation, low temperatures, dehydration, and even starvation. Scientists consider tardigrades to be one of the most resilient species on Earth, just like their cyber doppelganger.

The Tardigrade malware is responsible for at least two known attacks against biomanufacturing facilities this year, suggesting that other companies in the industry might also be at risk. Threat actors use Tardigrade to steal sensitive data and deploy ransomware.

Tardigrade is not just another malicious software. Cybersecurity experts claim it’s much more sophisticated and advanced, as it can adapt to new environments, mask itself on an infected device, and even operate autonomously when cut off from the command and control center. Once installed on a network, Tardigrade steals stored passwords, deploys a keylogger, and creates a backdoor for hackers.

There are two main ways for Tardigrade to spread:

1. Phishing emails
2. Infected flash drives

Researchers still speculate about who’s behind Tardigrade, but there’s still a lot of questions left unanswered.

Why does Tardigrade attack the biotech industry?

Since the pandemic, countries like China and Russia have been orchestrating attacks against companies working on COVID-19 vaccine. However, it’s not clear whether foreign actors are behind the recent malware attacks.

Biotech companies work with highly sensitive information, which might be crucial for scientific research. Patients’ data, lab results, drug development analysis, and manufacturing information could be worth billions, not to mention all the hard work that could vanish in the event of an attack.

Experts say that biotech companies rarely prioritize cybersecurity and many are vulnerable to cyber threats. Outdated software, lack of proper security tools, and untrained staff might be the reasons why this industry is now under the radar.

However, we can’t also underestimate internal threats. In 2019, an employee of Australian biotech company CSL stole 25 GB of sensitive data to help him land a job in another company.

How improve your security

Update your software on time. Postponing updates is never a good idea, as bad actors can exploit system vulnerabilities that were patched months ago. Companies need to make sure that their employees are running recent software versions, otherwise this can put their security at risk.

Use strong passwords. Make sure to use uppercase and lowercase letters, along with special characters and numbers to create complex passwords. Very often, employees use the same passwords for both their personal and work accounts, which is a huge no-no.

Enable two-factor authentication (2FA). Whenever you can, always enable two-factor authentication. Passwords can be cracked, but with 2FA enabled, your chances of having your accounts compromised are significantly lower.

Train your staff. Any company, whether it’s a global corporation or a biotech start-up, needs to educate their employees about cybersecurity risks and train them to stay safe online. Surprisingly, too many people still have a very poor understanding of online security.

Use a VPN. A virtual private network encrypts your traffic and hides your IP address, improving your security and privacy. While a VPN won’t protect you from malware and ransomware, it will enhance your overall security. With one NordVPN account, you can protect up to six devices: laptops, tablets, smartphones, and more. Businesses can greatly benefit from NordLayer, which allows employees to access the company's resources securely.