The Cybersecurity 202: Online scammers seize confusion about vaccine registration to steal personal information

The research, which measured through February, show that hackers are taking advantage of confusion and frustration around vaccine registration to prey on victims. 

“The process of signing up and getting registered for a vaccine shot is different from place to place. And they look different,” says Ryan Olson, vice president of threat intelligence at Palo Alto Networks. “It’s easy enough for an attacker to make something that looks pretty legitimate when you’re not sure what to expect.” 

In one scam identified by researchers, scammers set up a fake website that claimed to represent vaccine makers Pfizer and BioNTech. The page asked users for Microsoft Office 365 login information to allegedly sign up for the vaccine. Scammers seemed to be betting that potential victims were not aware they couldn’t get the vaccine directly through the companies. 

Pfizer directed The Cybersecurity 202 to a previous statement on its efforts to combat counterfeit and illicit vaccine activity. 

Patients should never try to secure a vaccine online — no legitimate vaccine is sold online — and only get vaccinated at official vaccination centers or by certified health care providers, the statement said.

The Federal Trade Commission has also seen an uptick in vaccine scams.

The agency has received numerous complaints about vaccine scams, FTC spokeswoman Juliana Gruenwald wrote in an email. Most were email or text message-based scams in which attackers posed as government agencies or health- care providers claiming to offer vaccine appointments in a quest to steal personal information and passwords. Consumers reporting the scams say they were asked to provide personal information, such as Medicare information, Social Security numbers and driver’s license numbers.

Gruenwald could not provide a specific number of reported victims, but says that the agency has noticed an increase in vaccine-related scams as distribution across the United States has accelerated. 

Scammers are targeting health-care providers, too.

Information-stealing scams in which hackers poses as pharmacies and hospitals in an attempt to trick consumers or employees also rose by 189 percent between December 2020 and February 2021. 

Researchers found that attackers set up fake Microsoft login pages to target pharmaceutical employees in multiple countries, including the United States. Efforts to go after employee passwords show that hackers may have been after company information about vaccines. The Department of Homeland Security has warned that hackers could go after the vaccine distribution process. 

Targets included U.S.-based pharmacy Walgreens as well as China-based Junshi Biosciences.

Walgreens spokesman Fraser Engerman wrote in an email that the company uses cybersecurity tools to ward off threats and maintains a cybersecurity training program for employees. No Junshi employees were affected by the phishing attempts, spokesperson Zhi Li wrote in an email.

Palo Alto Networks reported phishing attempts to the central cybersecurity authorities in the countries where victims were located.

The keys

A top cybersecurity official said that software security standards are on the way.

Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, said that the government is just weeks away from the rollout of some cybersecurity standards aimed at increasing the security of widely-used software products, NextGov’s Mariam Baksh reports.

“There’s just a lot more that we can do and I think in the coming weeks, you will see the government roll out some of its initiatives in this area,” Wales said at a conference hosted by the Cyber Initiatives Group. 

Companies and industry groups say a Trump administration rule blocking technology deals with adversaries such as China could hurt U.S. businesses.

They argue that the rule gives the Commerce Department too broad of an authority to review and block risky technology transactions involving adversaries such as China and Russia.

“If exercised to its fullest extent, this rule could have implications across the entire tech sector,” trade group TechNet’s Peter Chandler wrote. “For example, the Secretary could: upend supply chains; decimate
the careful planning and manufacturing of the world’s most complex technologies; and interrupt broad swaths of business.”

Tech giant Microsoft is among the rule’s top critics. The company submitted a comment ahead of the agency’s decision to finalize the rule.

Manufacturer Honeywell’s operations were disrupted by a cyberattack.

The aerospace and energy equipment giant said it had “returned to service” after “a limited number” of systems were hit, CyberScoop’s Sean Lyngaas reports. A representative did not immediately respond to questions about whether the hackers demanded a ransom to restore the systems or who was behind it.

“Our investigation is ongoing, but at this point, we have not yet identified any evidence that the attacker exfiltrated data from our primary systems that store customer information,” Honeywell said. “If we discover that any customer information was exfiltrated, we will contact those customers directly.” The company said it called in Microsoft to “assess and remediate” the situation.

Chat room

Brandon Wales’s comment that attribution for the Microsoft attack wouldn’t help cyber defenders renewed the industry debate over the subject. Mandiant’s Andrew Thompson:

Security researcher Marcus Hutchins:

Dragos founder and CEO Robert M. Lee:

Cyber insecurity

Hackers broke into a California government employee’s email account last week.

The attacker used the access to send emails to the employee’s contacts in an effort to steal their passwords, Krebs on Security’s Brian Krebs reports. A spokeswoman for the government agency, the State Controller’s Office, said that state employee data was not compromised in the cyberattack.

“A single employee email account was briefly compromised by a spear-phishing attack and promptly disabled,” SCO spokeswoman Jennifer Hanson said. “SCO has notified the employee’s contacts who may have received a potentially malicious email from the unauthorized user. SCO team members have identified all personal information included in the compromised email account and begun the process of notifying affected parties.” 

Daybook

  • NSA deputy cybersecurity director Dave Luber, Microsoft president Brad Smith and Senate Intelligence Committee chairman Mark R. Warner (D-Va.) speak today, on the second day of the three-day Cyber Initiatives Group’s conference.
  • Dmitri Alperovitch, the chairman of the Silverado Policy Accelerator, discusses Russian cyberattacks at an event hosted by the Center for Strategic and International Studies on Thursday at 9:30 a.m.
  • Gen. Paul Nakasone, the commander of U.S. Cyber Command and director of the National Security Agency, testifies at a Senate Armed Services Committee hearing on Thursday at 9:30 a.m. 
  • Philipp Amann, the head of strategy at the European Cybercrime Center, speaks at an event on ransomware hosted by the Institute for Security and Technology on Thursday at 2 p.m.

Secure log off