In its latest report, Check Point Research, a global cyber security firm, has found a stream of posts on the internet from sources claiming to have a range of ‘coronavirus vaccines’ or remedies for sale.
From “available coronavirus vaccine $250” to “Say bye bye to Covid-19=Chloroquine Phosphate” and “buy fast. Coronavirus Vaccine is out now,” the range of remedies advertised is extensive.
The findings come close on the heels of Europol, the EU’s law enforcement agency, issuing an early warning notification last week. “When a Covid-19 vaccine does become available, it will likely not be available for sale online. However, fraudulent pharmaceutical products advertised as allegedly treating or preventing Covid-19 are already on sale, both offline and online,” the notification reads.
The Check Point report notes: “All the vendors we found insist on payment in bitcoin as it minimizes chances of being traced, casting further doubt on the authenticity of the medicines they are selling. In communications with one vendor, they offered to sell an unspecified Covid-19 vaccine for 0.01 BTC (around$300), and claimed that 14 doses were required. This advice contradicts official announcements which state that some vaccines require two shots, given 3 weeks apart, per person.”
1k+ new domains
November’s positive news about vaccine trials and imminent availability has resulted in a surge in new web domains that relate to Covid-19 or vaccines, the report read. Check Point said that since the beginning of November, 1,062 new domains were registered which contain the word “vaccine”. Of these, 400 also contain “covid” or “corona”.
These figures are equivalent to the numbers in the previous three months (August, September and October) combined, the report read. It also found that besides trying to sell fake vaccines, cybercriminals are also using vaccine-related news as bait for phishing campaigns.
Some emails were found delivering malicious ‘.exe files’ with the name ‘Download_Covid 19 New approved vaccines.23.07.2020.exe’ that installs an InfoStealer capable of gathering login information, usernames and passwords to enable threat actors to take over accounts.
2021 threat perception
Terming the pandemic an ultra-rare yet high-impact event that has derailed business, the firm said separate research showed 58% of security professionals reporting an increase in cyber threats since lockdowns were imposed.
Hackers have also sought to take advantage of disruption caused by the pandemic and “pharma companies developing vaccines will also continue to be targeted by malicious attacks from criminals or nation-states looking to exploit the situation,” the report read.
Aside from this a range of phishing activity, including targeting parents with remote learning and increased malware attacks have been predicted.