Pharmaceutical companies invest billions in discovering and developing new drugs in a heavily regulated industry. The vigilance and rigor required to protect this type of research-intensive intellectual property mandates an understanding of not only threats, but the types of adversaries zeroing in on this industry.

To effectively navigate the many risks facing their industry, pharmaceutical leaders are turning to Trusted Intelligence to mitigate a broad spectrum of security threats and adversaries.

Below are examples of the types of threats and challenges Flashpoint helps pharmaceutical companies address:


INTELLECTUAL PROPERTY (IP) THEFT

Pharmaceutical companies invest billions of dollars and years of research into developing new drugs, which is why they typically take considerable measures to safeguard their intellectual property (IP) from competitors intent on corporate espionage, black-market drug manufacturers, and other adversaries. Flashpoint’s knowledge of the evolving techniques, tactics, and procedures (TTPs) being used to steal IP gives pharmaceutical companies an edge over adversaries in mitigating this ever-present threat.

In one situation, Flashpoint analysts discovered an actor advertising IP belonging to a multinational corporation for sale on an elite cybercrime forum. Upon further investigation, analysts determined the actor was employed by the company that owned the IP. Flashpoint shared this information with the company, enabling it to safeguard the IP, mitigate exposure, and take appropriate actions against the rogue insider.

THIRD-PARTY RISK

As pharmaceutical companies expand their supply chains and rely increasingly on third parties, they are inadvertently exposed to a variety of risks. In addition to being entrusted with control over certain processes, third parties working with pharmaceutical companies are frequently granted access to internal networks, systems, and highly confidential information.

In one situation, Flashpoint analysts observed a threat actor seeking “non-public investment information” on an illicit marketplace. The request garnered an affirmative response from an individual who claimed to be a third-party contractor for a targeted organization. Flashpoint conducted an extensive investigation of the suspected insider threat to confirm the individual’s identity and the validity of their claims. This intelligence enabled the organization to safeguard its clients’ information and work with law enforcement to take action against the contractor.

UNDERGROUND DRUG TRAFFICKING

Illicit prescription drug trade costs the pharmaceutical industry billions of dollars in lost revenue each year while fueling addiction and drug abuse. Much of this activity is hosted on illicit forums and marketplaces, where drugs diverted from legitimate pharmaceutical supply chains are known to be sold alongside counterfeit drugs without regulation or oversight, jeopardizing the well-being of those who purchase them.

Flashpoint provides pharmaceutical companies with unmatched visibility into the prescription drug marketplaces of these illicit communities, supplemented by investigative reporting tailored to customer needs. In one instance, a pharmaceutical company requested specific information about threat actors selling prescription drugs within online illicit communities. Flashpoint provided the customer with the online aliases of prescription drug vendors, specific details about what drugs they were selling on which forums at what price, and an assessment of the vendors’ capabilities and level of influence within illicit communities. Armed with this intelligence, the customer was able to effectively prioritize its security resources to combat the illicit sale and abuse of the drugs they produce.

INCIDENT RESPONSE

Given the high volume of valuable IP and other sensitive data held by pharmaceutical companies, the ability to quickly identify, verify, and mitigate potential security incidents and breaches is essential. However, without visibility into illicit marketplaces and forums where criminal schemes are hatched and proprietary information is bought and sold, companies may struggle to detect and verify cyber indicators of compromise accurately and effectively.

Flashpoint’s extensive linguistic, social, and cultural expertise, as well as comprehensive access to illicit communities, helps organizations proactively identify and investigate security incidents and breaches. In one situation, Flashpoint observed a highly reputable threat actor on an underground marketplace offering to sell access to the internal network of a global corporation. After verifying the breach’s validity, Flashpoint conducted a technical analysis of the threat actor to identify the source of the compromise and help the company mitigate any additional exposure.

THREAT VALIDATION

While some malicious threat actors’ claims of having access to a targeted network or dataset are legitimate, illicit forums and marketplaces are also filled with actors making false claims. As such, accurately assessing the legitimacy and potential impact of a threat requires extensive visibility into, and nuanced understanding of, the criminal underground. Flashpoint’s team of specialized analysts can help pharmaceutical companies sift through the noise of illicit community chatter and determine which threats are legitimate and relevant to them.

In one situation, an actor claimed to have access to an unnamed pharmaceutical company’s IT network and data. According to the actor, the compromised assets included proprietary information on new drugs being developed. The actor claimed to be an insider with admin-level network access, but Flashpoint analysts were unable to tie the actor to any pharmaceutical company. Moreover, analysts observed that the actor’s profile on the marketplace on which they were operating indicated they had not completed any successful transactions. With this information, the pharmaceutical company was able to avoid wasting security resources on a nonexistent threat.


Did this answer your question?