COVID-19 , Cybercrime , Fraud Management & Cybercrime
FinCEN: Beware Scams Related to COVID-19 Vaccines
Financial Institutions Alerted to Risks of Ransomware, Fraud and Phishing AttacksThe U.S. Treasury's Financial Crimes Enforcement Network is alerting financial institutions about the potential for fraud, ransomware attacks or similar types of criminal activity related to COVID-19 vaccine research and distribution organizations.
See Also: Preparing for New Cybersecurity Reporting Requirements
FinCEN reports the fraudulent acts include targeting vaccine researchers with ransomware, promising consumers early access to a COVID-19 vaccine for an extra fee and peddling fake cures.
In the alert, the agency also provides instructions for filing Suspicious Activity Reports (SARs) regarding any unusual activity related to COVID-19 vaccines and their distribution. The agency says filing a SAR is crucial to identifying and stopping fraud and cybercrime and is part of the Bank Secrecy Act compliance requirements by financial institutions.
"FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines," the agency notes in an alert.
FinCEN also cited cases of phishing campaigns using fake information regarding COVID-19 vaccines as a lure to convince their victims to click on malicious links.
The advisory comes just days after President Donald Trump signed the $900 billion COVID-19 emergency relief bill.
Rising Threats
Ransomware attackers are capitalizing on the time-consuming nature of vaccine development, says Austin Merritt, cyber threat intelligence analyst at Digital Shadows.
"As research and distribution of the vaccines continue, the stakes for protecting information remain high, especially with supply chains critical to distribution exposed to more risk," Merritt says.
Cybercriminals who gain access to a vaccine manufacturer's network obtain two strong bargaining chips to force a ransom payment, Merritt says.
"Ransomware could be used to undermine vaccine research organizations and supply chains by disrupting operations during critical periods, increasing the likelihood that a ransom payment would be made," he says.
Secondly, a ransomware attack involving data exfiltration gives an attacker access to sensitive information belonging to patients involved in vaccine trials. Not only are healthcare records highly sought on the dark web, but this information is an extremely valuable bargaining incentive to elicit a victim ransom payment, Merritt says.
One of the best methods to defend against these attacks is to make certain employees are aware of the dangers.
"Businesses need to remain vigilant and double down on protection, especially employee security awareness training," Isabelle Dumont, vice president of market engagement at security firm Cowbell Cyber, notes.
Prior Warnings
FinCEN, Microsoft and international law enforcement agencies have taken the lead in issuing warnings about this type of activity since the pandemic began.
In October FinCEN released an alert detailing how ransomware groups are using the federal financial system to facilitate ransom payment.
In November, Microsoft warned that three state-sponsored advanced persistent threat groups - one Russian and two North Korean - were targeting companies worldwide that are involved with COVID-19 vaccine development. The company also said it was able to block attacks against six large pharmaceutical companies and one clinical research firm from occurring (see: APT Groups Target Firms Working on COVID-19 Vaccines).
Earlier this month, Interpol, warned of a potential surge in organized crime activity tied to COVID-19 vaccines. The alert said some of the recent attacks against companies working on vaccines and treatments were suspected to have been tied to North Korean hackers (see: Interpol: Organized Crime to Capitalize on COVID-19 Vaccines).
Also in December, Europol warned that organized crime groups are engaged in selling counterfeit vaccine on the dark web, as well as physical and virtual attacks targeting supply chain companies (see: Europol Warns of COVID-19 Vaccine Crime Gangs).