Digital criminals turn toward vaccines to capitalize on COVID-19

Cybercriminals continue to capitalize on the hysteria and worry caused by COVID-19, both in the physical sphere and digital ecosystem, exploiting the significant global unmet demand for vaccines. Over the past year, my firm has continuously monitored the surface, deep, and dark web for malicious activity related to COVID-19, witnessing a trend in the manipulation of the digital ecosystem for commercial gain or other malicious ends related to the topic of vaccines.

Back in 2019, even before the pandemic started, the World Health Organization (WHO) characterized vaccine hesitancy (the reluctance or refusal to vaccinate) as one of the top ten threats to global health. This threat, of course, has only intensified over the last year.

We have analyzed billions of breached or exposed data—including a peek into deep and dark marketplaces for illicit activity and actors profiting from vaccines — and will expound on these findings in a later report, but in the meantime, I’ve outlined two key insights we’ve gathered thus far: vaccine hesitancy related to misinformation and disinformation narratives, and illicit vaccine activity on the dark web.

Mis- and disinformation narratives

Across global geographies, we’ve conducted continuous, comprehensive analysis of the digital public sphere since February of 2020—including social media, news, forums, blogs, and other public digital communities—for English-language conversations related to COVID-19 and vaccines, parsing through more than 100 million results, with more than 33.5 million geolocated in the United States.

Over just the past three months (since February 2021), one of the major narratives our team of analysts identified was hesitancy driven by concerns of potential vaccine side-effects and big pharma profiting from the pandemic and the subsequent vaccine production. Together, these narratives made up about 37% of the total conversation on COVID-19 and vaccines over the period analyzed (about 10.9 million results, results being content, users, interactions, posts etc. being produced in the digital public sphere).

Illicit vaccine-related activity in dark markets

Threat actors are exploiting the pandemic for profits in underground markets, as has been well-documented. Our threat intelligence teams have found vaccines—real or fake—and fake vaccine certificates for sale in underground markets such as “Liberty Market” and “Televend,” as well as Telegram channels. WHO held a press conference earlier this year to address this very issue, warning that “some falsified products are also being sold as COVID-19 vaccines on the internet, especially on the dark web.” WHO would go on to say that it was aware that ministries of health and regulatory agencies across the globe “have received suspicious offers to supply COVID-19 vaccines.”

We’ve seen that the average price in several dark markets—including Steroid King, Cartel Marketplace, Tor Door Marketplace, DarkFox, and Invictus—for AstraZeneca is an exorbitant $848.50; Pfizer is selling for $483.75; Moderna goes for $193.60; and Sputnik costs only an average of $8. As far as certificates go, German vaccine certificates are being sold for an average of $22.35, and COVID-19 antigen tests sell for an average $25 flat. Cryptocurrency is the exclusive form of payment.

Looking ahead

Fortunately, most narratives are pro-vaccine, although hesitancy-related and explicitly anti-vaccine narratives can spread extensively given the size and the intense frequency of activity of the digital users and communities that generate anti-vaccine content and messages.

Drug makers and law enforcement have made a concerted effort to stem criminal activity related to the COVID-19 vaccines. But, as Steve Francis, director of the National Intellectual Property Rights Coordination Center, succinctly put it, “we’ve never seen so much fraud and misinformation and schemes.”

Criminal groups are taking commercial advantage of today’s global crisis, thriving in an environment of rampant information that has tangible public health effects. Experts have repeatedly warned about the security risks caused by the COVID-19 vaccine rollout – and we’ve seen first-hand the impact it has had on the digital information ecosystem.

Although they take different forms in the digital sphere, both mis- and disinformation, as well as explicit vaccine-related crime during a time of global recovery is a serious issue, and much needed progress in battling the pandemic is dependent upon the mitigation and management of this “infodemic”.

As experts in digital risk protection, cyber intelligence, and cybersecurity continue to track and analyze cybercrime activity during this uncertain time, it is important to raise global awareness related to these trends and assist in reducing the associated risks. This begins with learning and operationalizing the signs of abnormal or anomalous activity, from conversations around narratives that can contribute to vaccine hesitancy and negatively impact public health to counterfeit certificates and beyond.