Cybercriminals capitalize on COVID-19 fears, push shady websites, pharmaceuticals
Shadowy sellers want to capitalize on interest in pharmaceuticals promising a potential treatment to COVID-19.
NormShield researchers looked for websites using the names of 10 commonly discussed drugs over the last several months. They found a dramatic spike in the number of sites generated to get the attention of scared shoppers looking for coronavirus cures.
In the first three months of 2020 alone, the researchers found 362 new possible phishing domains with references to or containing exact names of ten medicines – remdesivir, chloroquine (and hydroxychloroquine), Plaquenil, azithromycin, metformin, favipiravir, interferon, lopinavir, ritonavir, and arbitol. Of those 362 sites, 221 (or 61 percent) had domain names that contained either chloroquine or azithromycin.
While the number of phishing domains catapulted for chloroquine and azithromycin in particular, domain names containing the eight other drugs increased as well.
“This is the beginning of a larger problem. When you see the sites being created, it tells us the bad guys see an opportunity and are looking to exploit people,” said Paul Paget, CEO, NormShield. “The President, Elon Musk, many other world leaders are discussing drugs, hoping they provide some options to the sick, the scared, and the medical community. Threat actors are looking to insert themselves into this process and profit.”
NormShield’s CSO Bob Maley added, “We see some of the sites already being used offering these drugs. The sites might only be active for a few hours, but then they come down after the operator makes a quick hit – preying on consumers at opportune times. Some of these sites have a padlock – giving the consumer the impression they are safe, but they’re not.”
NormShield tracks indicators of negative cyber behavior on the internet for organizations and their supply chains. Generally, when they see activity like this, it’s because cyber threat actors are trying to get personal information to sell to others or directly scam consumers with fraudulent websites making a profit off those in need.
“It never fails – cybercriminals see an opportunity and exploit it,” said Maley. “We see this with everything from CyberMonday shopping sales to the Super Bowl, but now, we’re talking about life or death matters. It’s important that people know they need to be wary when searching online for these drugs. Go with trusted pharmacies where they can talk with a pharmacist and be sure the drug they get is right for them.”
Note: Researchers found “hydroxychloroquine” and “chloroquine” in the same searches, which is why they are listed in the same category, but they are not the same drug. Plaquenil is the brand name for hydroxychloroquine. Researchers are looking at both hydroxychloroquine (Plaquenil) and chloroquine (Aralen) as possible treatments for the COVID-19 coronavirus disease.