UPDATED: The latest threat to the manufacturing industry: suspicious malware

Supply chain issues and an inspection backlog have hindered manufacturing’s seemingly endless boom, following an influx of money. But a new threat looms over the industry: a strain of Windows malware.

BIO-ISAC, an international organization that addresses threats to the bio economy, issued the warning on its website Monday, saying that a “large biomanufacturing facility” was involved in an attack in spring 2021, and the same malware was noticed at a second facility in October 2021. The organization expedited the threat advisory in the public’s interest and has issued a statement to manufacturers: Assume that you are a target, and review security protocol accordingly.

The malware goes beyond polymorphic malware, which, according to PC Magazine, only rewrites part of the computer code to avoid being detected. This version of the malware completely recodes itself during each connection, when first connecting to the internet. That makes it easier to avoid leaving behind a signature, further evading antivirus programs. The malware has been dubbed Tardigrade, and Wired reported that a malware analyst at BioBright tested it 100 different times, and each time, it built itself in a different way.

“Additionally, if it’s not able to communicate with the command and control server, it has the capability to be more autonomous and self-sufficient, which was completely unexpected,” the analyst, Callie Churchwell, told the magazine.

BioBright CEO Charles Fracchia said in a call with Endpoints News Tuesday that the organization is very concerned with the malware, and even more concerned with companies’ ability to handle an attack. In 2017, Merck’s supply of its HPV vaccine Gardasil was ravaged after a malware infection dubbed NotPetya shut down production of the vaccine, costing the giant $135 million in lost sales in just a single quarter, and another $240 million in the following quarter. The company was forced to borrow vaccine doses from the US national stockpile. And that was a piece of malware that wasn’t even intended for Merck, Fracchia said.

“I do not know what at the end of the day motivated these actors in groups to do this, it is difficult, and it’s always a little bit speculation,” he said. “It is a highly advanced tool that has functionality that seems really strange to have in such a tool, and it’s in an environment that we haven’t really seen before…We were a little bit surprised by the level of sophistication when we started reverse-engineering it.”

Tardigrade still has the ability to make decisions within a network, even if it’s cut off from its hackers, Wired said. That means it could spread through USB drives or autonomously through interconnections. The report from BIO-ISAC hints that the threat could be trying to steal information about medical innovations. To prevent this from happening, BIO-ISAC says that manufacturers should do the following:

  1. Review your biomanufacturing network segmentation
  2. Work with biologists and automation specialists to create a “crown jewels” analysis for your company
  3. Test and perform offline backups of key biological infrastructure
  4. Inquire about lead times for key bio-infrastructure components
  5. Assume you are a target

The first variant of the malware was dubbed Smoke Loader, while the suspected second variant is called Dofoil. It has reached a random batch of Amazon Web Services, GoDaddy and Akamai.

“Recompiling occurs after a network connection in the wild that could be a call to a command and control (CnC) server to download and execute the compiler,” the report says. “Allows the system to change portions/all the functions based on CnC like a normal loader system but with a level of autonomy that is unexpected.”

Cybersecurity threats have been omnipresent as the world has shifted to be even more dependent on the internet. The EMA, WHO and US Department of Health and Human Services have all come under cyber attack, along with hospital systems.

While actors in China and Russia have consistently worked to steal intellectual property about drugs and manufacturing processes during the pandemic, not every instance is disclosed publicly, Charles Carmakal, the CTO of the cybersecurity firm Mandiant, told Wired. Legally, companies that have IP stolen don’t have to disclose that.
