Pharma on the hook: Cyberattackers phishing for your secret formulas

Cyber Security Digital Summit

It goes without saying that mobility has become the key to productivity for any modern business. This is especially true for the highly competitive pharmaceutical industry. To be the first to bring a ground-breaking treatment or vaccine to market, pharmaceutical organizations need their employees to stay productive whether they’re working on your organization’s premises or not.


Can you guess the percentage of phishing attempts encountered by pharmaceutical workers tried to deliver malware?


But to do so, access to corporate infrastructure and sensitive intellectual property (IP) has been expanded to tablets and smartphones. While this increases efficiency, it also exposes these organizations to new risks. 

In our latest industry threat report, we found that 77 percent of mobile phishing attempts on pharmaceutical organizations through the third quarter of 2020 intended on delivering malware. This is an indication that cyberattackers are looking for ways outside of credential harvesting to compromise pharmaceutical organizations.


The security landscape has changed. Your employees are working fewer hours under the protection of the network security at the office or research lab. To ensure that you reap the benefits of mobility without putting your proprietary data at risk, you need to modernize your endpoint security plan to include mobile devices.


Mobile devices have opened pharma to new threats and compliance risks

Whether you like it or not, pharmaceutical intellectual property is sought after by both nation states and cybercriminals. In 2020, cybersecurity authorities in the U.S. and the U.K. warned pharma companies of potential tracks against potential attacks related to COVID-19 research.

And with greater efficiency comes greater connectivity. Whether you gave tablets and smartphones to employees or have a bring-your-own-device (BYOD) policy, mobile endpoints expose your IP to new risks. Cyberattackers have numerous attack vectors to leverage on a mobile device to compromise your organization, from malicious apps, mobile phishing to operating system and app vulnerabilities.


Phishing delivery of malware vs credential theft

Attackers always find the path of least resistance to disrupt your business or steal your data. As we analyzed statistics for our latest industry threat report, we concluded that three out of every four mobile phishing attempts in the pharmaceutical industry sought to deliver malware. In addition, 35 percent of these phishing attacks attempted to steal credentials. I know that adds up to more than 100 percent – but that’s because malicious actors are combining both attack vectors with the delivery of a single phishing link.


Phishing is a complex issue on mobile

The reason that mobile devices have become a primary target is because a well-crafted attack can be close to impossible to spot. Mobile devices have smaller screens, simplified user interfaces, and people  generally exercise less caution on them than they do on computers. Attackers can use any app on a mobile device to deliver a socially engineered phishing link including SMS, social media, messaging, and even dating apps. All of these factors make mobile phishing the most difficult threat vector to protect against.


The pharma mobile landscape is expanding

Tablets and smartphones have as much access to your infrastructure and intellectual property as desktops and laptops. And while mobile phishing is more problematic, it is far from the only threat facing mobile devices in the pharmaceutical industry. 

Out-of-date operating systems, mobile app threats, and network threats consistently target your employees across every part of the organization. Whether it’s a researcher in the lab or a field sales rep working with local pharmacies, every one of your employees in your supply chain has access to your intellectual property.


To better understand the threat landscape for pharmaceutical companies, you should check out the Pharmaceutical Industry Threat Report. With the Lookout Security graph, which includes telemetry data from analysis of nearly 200 million devices and over 125 million apps, we are able to analyze the latest trends in mobile security. In the report, we provide insights across multiple mobile threat vectors that are affecting the pharma industry. 


You can download the Lookout Pharmaceutical Industry Threat Report here.



Note: Please fill out the fields marked with an asterisk.


Copyright: Lookout, Hank Schless,