Fraudsters Devise More COVID-19 Vaccine Schemes
Criminal Activity Escalates as Americans Scramble to Get a Shot
As patients across the U.S. compete to book appointments online for COVID-19 vaccines, cybercriminals are tapping into the anxiety by escalating attacks and scams.
Reports issued this week by security vendors Imperva, Barracuda Networks and Kaspersky spotlight some of the latest threats and schemes. Those include: botnet attacks, which potentially are contributing to vaccine appointment website crashes; a rise in phishing scams promising access to vaccines; and dubious vaccines being offered for sale on the darknet.
Government agencies, including the Federal Trade Commission, also have been warning the American public about criminal scams looking to profit on COVID-19 angst.
"COVID has put a huge amount of strain on the healthcare industry’s security infrastructure," says Kelvin Coleman, executive director of the National Cyber Security Alliance. "And given how vigilant bad actors are when it comes to finding new areas to attack, it is not surprising to see that the vaccination framework is now receiving greater interest from cyber malefactors."
Beware of Botnets
Imperva Research Labs, in a report released Thursday, says the company has monitored a 372% increase in bad bot traffic on healthcare websites globally since September 2020. In February 2021, bot traffic soared 48.8%, the firm says.
“While it’s hard to determine the precise motive of these bad bots, there are a few scenarios that could play out in the coming months as vaccines become even more readily available," Coleman says.
Imperva says those scenarios include:
- Bots making it more difficult for people to access vaccine appointment websites;
- Increased bot traffic taking down more appointment sites;
- Bots reserving vaccine appointments while people wait online - often fruitlessly - for their turn to book a shot.
Edward Roberts, a director at Imperva, says "the bad bot problem" will continue to grow as more organizations become involved in administering COVID-19 vaccinations.
"At this time, it's hard to differentiate what bot activity could be malicious versus helpful, but one thing to remember about bots is that they make it much harder for legitimate human users to access a website," he says.
Barracuda Networks says in a new report that hackers are increasingly using vaccine-related emails in their targeted spear-phishing attacks.
Some phishing emails are designed to look as though they came from a well-known brand or organization and include a link to a phishing website advertising early access to vaccines and offering vaccinations in exchange for a payment, Barracuda says. In some cases, the phishing emails impersonate healthcare professionals requesting personal information to check eligibility for a vaccine.
Meanwhile, recent business email compromise attacks involve highly targeted messages on vaccine-related topics.
"We’ve seen attacks impersonating employees needing an urgent favor while they are getting a vaccine or an HR specialist advising that the organization has secured vaccines for their employees," Barracuda writes.
Security firm Kaspersky says its researchers have recently found listings on the dark web offering COVID-19 vaccines for sale. These vaccines mostly appear to be bogus, but some might be actual vaccines being collected from “leftover” doses from vaccine administration facilities, Kaspersky warns.
“The majority of sellers come from France, Germany, the U.K., and the U.S., and the prices per dose range from $250 to $1,200, with an average cost of about $500," Kaspersky says.
"Buyers and sellers communicate through encrypted messaging apps like Wickr and Telegram, while payments are usually requested in the form of bitcoin," the report notes.
Kaspersky researchers found that many of the darknet sellers had conducted 100 to 500 transactions.
"It’s important to note that even if what’s being sold is the real deal, the dose may not be effective by the time it arrives," the report notes, since some vaccines require cold storage.
Organizations can take several steps to mitigate the risks posed by vaccine-related fraud.
"Fortunately, there are several proactive steps - ranging from updating legacy systems to ensuring connected devices are running on encrypted networks - that healthcare businesses can take to better defend themselves against threats related to vaccine efforts and beyond," Coleman says.
To battle against bots, Imperva recommends deploying technology to better protect all potential access points, including websites, mobile applications and APIs.
Imperva's Roberts also suggests entities block outdated user agents/browsers as well as certain hosting providers and proxy services.
"Even if the most advanced attackers move to other, more difficult-to-block networks, many less sophisticated perpetrators use easily accessible hosting and proxy services like Digital Ocean, Gigenet, OVH Hosting and Choopa," he says. Disallowing access from these sources might discourage attackers from coming after a site, he adds.
Organizations also should closely monitor for failed login attempts, he adds. "Define a failed login attempt baseline, then monitor for anomalies or spikes. Set up alerts so the security team can be automatically notified if any anomalies occur."
Advanced “low and slow” attacks, however, don’t trigger user or session-level alerts, so organizations should set global thresholds, Roberts says.
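The following added example (not from the article or from Imperva) shows why a global threshold is needed alongside per-source alerts: it derives a site-wide failed-login baseline and evaluates three hours of login records against it. The baseline figures, the per-source limit, the three-sigma rule and all addresses are constructed assumptions.

```python
from collections import Counter
from statistics import mean, stdev

# Constructed baseline: site-wide failed logins per hour during normal operation.
BASELINE = [40, 35, 52, 47, 38, 44, 50, 41, 39, 46, 43, 48]
PER_SOURCE_LIMIT = 10  # assumed: failures from one source per hour before alerting
SIGMA = 3              # assumed: global alert above baseline mean + 3 std deviations

def global_threshold(baseline=BASELINE, sigma=SIGMA):
    return mean(baseline) + sigma * stdev(baseline)

def analyze_hour(events, baseline=BASELINE):
    """events: iterable of (source_ip, outcome) login records for one hour."""
    failures = Counter(ip for ip, outcome in events if outcome == "fail")
    total = sum(failures.values())
    return {
        "total_failures": total,
        "distinct_sources": len(failures),
        "per_source_alerts": sorted(ip for ip, n in failures.items()
                                    if n > PER_SOURCE_LIMIT),
        "global_alert": total > global_threshold(baseline),
    }

def background():
    # Constructed: 40 ordinary users who each mistype a password once, then succeed.
    out = []
    for i in range(40):
        out += [(f"192.0.2.{i}", "fail"), (f"192.0.2.{i}", "ok")]
    return out

def low_and_slow():
    # Constructed: 300 sources, two failures each, so no single source stands out.
    distributed = [(f"10.0.{i // 256}.{i % 256}", "fail")
                   for i in range(300) for _ in range(2)]
    return background() + distributed

def single_noisy_source():
    # Constructed: one source with 25 failures on top of the normal background.
    return background() + [("203.0.113.9", "fail")] * 25

if __name__ == "__main__":
    for name, events in [("normal", background()),
                         ("noisy source", single_noisy_source()),
                         ("low and slow", low_and_slow())]:
        print(name, analyze_hour(events))
```

In the low-and-slow hour no source exceeds the per-source limit, so only the site-wide comparison against the baseline raises an alert.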
Barracuda suggests organizations use artificial intelligence and machine learning to analyze normal communication patterns and then help spot anomalies that may indicate an attack.