CYFIRMA Researchers revealed a significant change amongst hackers and scammers in dark web marketplaces where there was an implicit agreement to minimize peddling of fake vaccine, but observations over the past week showed a dire change in cybercriminals’ attitude and approach
CYFIRMA, a threat discovery and cyber intelligence platform company backed by Goldman Sachs, Zodius Capital and Z3 Partners, has observed a change in cyber criminals’ approach and attitude towards taking advantage of the current COVID-19 pandemic for financial gains.
While hackers and scammers have been leveraging the pandemic to push out malware and phishing emails as part of their cyber- attack campaigns to steal data from businesses and consumers, or to cause social unrest amongst various communities, there has been an understanding amongst hackers groups to not ‘cross the line of humanity’ by selling fictitious vaccines. CYFIRMA researchers observed that hackers are cognizant to the dangers of putting millions of lives at risk as families of those who have been infected by the COVID-19 virus would likely be desperately seeking a medical remedy. Any news of a vaccine availability could also send masses of people into a state of frenzy and cause major turmoil across many societies.
As witnessed in the dark web marketplaces, there are groups who are urging sellers not to peddle fake COVID-19 cures. A forum in the dark web called ‘Monopoly’ has written: ‘Any vendor caught flogging goods as a cure to Coronavirus will not only be permanently removed from this market but should be avoided like the Spanish Flu’. The forum post also stated the gravity of the pandemic and asked sellers not to use the crisis as a marketing tool.
There are also groups in the dark web encouraging community members to contribute towards COVID-19 medical research. A dark web forum, written in Russian, has urged gaming enthusiasts to lend their computers’ GPU (these are graphics processing units with extensive compute power usually used for video games and high performance computing workloads) processing power to an international network of distributed computers to help with sequencing the virus genomes and related research.
While there are groups in the dark web taking a moral stance against profiting from the pandemic crisis, there are many other scammers who have taken a vastly opposite point of view.
In the past week, CYFIRMA researchers have noticed a marked difference in the tonality and approach taken in the numerous illicit marketplaces. There has been an influx of groups selling cures and vaccines, and each one is designed to extract maximum financial benefit, and all playing on people’s fears and anxiety.
According to the WHO, the earliest date for a COVID-19 vaccine to be available would be in 12 to 18 months’ time. But this has not deterred the proliferation of hoaxes which have since accelerated.
Advisory from CYFIRMA:
“Our observations are telling us there are broadly two groups of cyber-criminals lurking in the dark web. There is the one group who is leaning towards a basic code of conduct where they believe the pandemic is not the usual events where they could leverage and profit from, and then, there is the nefarious group who has no qualms to put lives at stake for their monetary benefits. While we know the dark web is teeming with criminals, there has always been some unsaid understanding of where to draw the line. The tide is now changing, and it is important for everyone to understand that, and be extra vigilant – vaccine for the novel coronavirus can only be obtained from your medical authorities as it becomes available, do not become victim of these scams,” advised Kumar Ritesh, Founder and CEO of CYFIRMA.