With the promise of a widely available COVID-19 vaccine on the horizon, Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity.
The agency joins a chorus of security professionals that have concerns about widespread attacks on the COVID-19 vaccine rollout.
The warning comes after Europol discovered a Mexico-based operation pushing fake influenza vaccines on the cybercrime underground in October. It said it is likely that these same actors will see another opportunity with the rollout of a COVID-19 vaccine.
“The detection of a fake influenza vaccine confirms that criminals seize opportunities as soon as they present themselves,” the Europol warning read. “Owing to the pandemic, the demand for the influenza vaccine has been higher than usual and there risks being a shortage. Criminals have reacted quickly by producing counterfeit influenza vaccines. The same scenario is also likely to happen when COVID-19 vaccines do become available.”
It’s a golden opportunity for cybercriminals, who can use fake vaccine offers as bait. High demand for the vaccine and potential shortages will likely drive consumers online looking for alternatives, Europol added.
“Some dark web markets feature advertisements for fake COVID-19 vaccines,” according to Europol. “The number of offers is limited at this stage but will likely increase once a legitimate vaccine becomes available. Criminals advertise their fake vaccines using the brands of genuine pharmaceutical companies that are already in the final stages of testing.”
COVID-19 Vaccine Phishing Attempts
The anticipation of a COVID-19 vaccine is precisely the kind of global event cybercriminals have learned to leverage into profits. There have been several other recent developments which clearly demonstrate that malicious actors will eagerly endanger public health if it means raising a quick buck, or Bitcoin.
Already, researchers have reported a phishing campaign, spread across six countries, that targeted organizations associated with The Vaccine Alliance’s Cold Chain Equipment Optimizations Platform (CCEOP) program.
The attackers sent phishing emails impersonating an executive of Haier Biomedical, a company known to the recipients as a member and reportedly the sole end-to-end cold supply chain provider, which is needed to deliver the COVID-19 vaccine, IBM reported.
“The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation and software and internet security solutions sectors. These are global organizations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan,” IBM’s report said. “Spear-phishing emails were sent to select executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain. We also identified instances where this activity extended organization-wide to include help and support pages of targeted organizations.”
Operation Warp Speed Warning
As a result of the IBM X-Force findings, CISA issued guidance to Operation Warp Speed organizations to boost security related to COVID-19 vaccine storage and transport.
“Impersonating a biomedical company, cyber-actors are sending phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials,” CISA’s Dec. 3 statement said. “The emails have been posed as requests for quotations for participation in a vaccine program.”
There have been signs for months that cybercriminals saw COVID-19 as a money-making opportunity.
COVID vaccine manufacturer Dr. Reddy’s Laboratories was forced to shut down factories in Brazil, India, the U.K. and U.S. in late October, which were contracted to make the Russian vaccine “Sputnik V.” And the APT group DarkHotel targeted the World Health Organization last March, in an attempt to steal any information they could find related to tests, vaccines or trial cures.
And just last month, antigen firm Miltenyi, which manufactures critical supplies for testing and treatment of COVID-19, fell victim to a malware attack, which slowed communications and operations across its business, which is spread across 73 countries.
And there doesn’t seem to be any relief in sight for already beleaguered pharmaceutical and healthcare teams anywhere in the world, meaning general security vigilance, even under these stressful circumstances, is more important than ever.
“There’s been an intense upscale in attacks,” Chloé Messdaghi, vice president of strategy at Point3 Security, told Threatpost. “Anything connected to sensitive data for COVID-19 is definitely under threat by foreign nation-state actors or foreign competing companies looking to find usable information. Or it could be an individual attacker or a group of attackers trying to collect money.”