With the promise of a widely available COVID-19 vaccine on the horizon, the FBI has issued yet another warning about the rise of vaccine-related Dark Web activity. The agency joins a chorus of security professionals that have concerns about widespread attacks on the upcoming COVID-19 vaccine rollout. All of us digitally connected human beings are about to be major targets for phishing emails, fake ads and any number of scams out to harvest our identity and hard earned money. Be ready.
This most recent warning from the FBI comes after a Mexico-based operation was discovered selling fake flu (influenza) vaccines on the cybercrime underground in October, highlighting how criminal groups are taking advantage of anything that might be perceived as helpful against COVID-19. Because of the pandemic, the demand for the flu vaccine has been higher than usual and there are risks of a shortage. Criminals have reacted quickly by producing counterfeit flu vaccines and the same is likely to happen when COVID-19 vaccines do become available. This will be a golden opportunity for cybercriminals who will use fake vaccine offers as bait and you can bet they will target a largely eager and distracted public that wants to get back to normal life.
(from the Darkweb)
The anticipation of a COVID-19 vaccine is precisely the kind of global event cybercriminals have learned to leverage into profits. You can count on malicious actors eagerly endangering public health to make a quick buck. For example, security researchers have already tracked down attackers sending targeted phishing emails impersonating an executive of Haier Biomedical, the sole end-to-end cold supply chain provider critical to delivering the COVID-19 vaccine. They are trying to disrupt the Covid-19 vaccine supply chain and over the past few months they have been successful at doing so using malware and credential harvesting. There doesn’t seem to be any relief in sight so general security vigilance, especially under these stressful circumstances is more important now than ever. Here’s where to start:
1. Check to see if any of your personal or company passwords have been leaked onto the Dark Web
Leaked passwords are a simple back-door into your life and business and it’s a super simple way for cybercriminals to assume your identity. There is a free and comprehensive searchable database available you can use at haveibeenpwned.com but you have to enter each email address one at a time, which can get tedious. If you would like us to run a quick Dark Web investigation on your entire organization – can do, no charge. Just reach out.
2. Do you have a Employee Cybersecurity Awareness Training (ECAT) in place?
Strengthening your human firewall is common sense but difficult to implement. In almost every circumstance of data theft and ransomware infection, the attack vector is through phishing email. This means that a cleverly disguised email was able to trick someone at the company into opening a back door into the organization and unknowingly cause a disaster.
An ECAT also trains employees on how not to be tricked by websites designed to harvest company information and infect systems. We regularly thwart attempts by fake ecard greeting websites, fake prescription drugs, Netflix, Amazon, LinkedIn, Facebook, on-line banking login portals and even legitimate sites such as Yahoo and CNN when banner ad networks get compromised and start soliciting trusting visitors.
3. Keep an eye out for suspicious activity on your credit report
Usually you can only get your credit report from the 3 credit reporting agencies Experian, Equifax and Transunion once per year. Because of Covid, they are allowing you to get it once per week until April of 2021 – the website is annualcreditreport.com. I recommend doing that today.
Unfortunately, the Internet is broken. Join us in the fight to protect businesses like yours from theft, crime and disaster.
Stay safe out there.