The Financial Crimes Enforcement Network (FinCEN) has issued a warning to financial institutions that ransomware gangs are actively targeting organizations involved in vaccine research. Financial institutions have been advised to be on high alert due to the considerable potential for fraud and criminal activity related to COVID-19 vaccines and their distribution. Nation state threat groups and cybercriminal organizations are taking advantage of interest in COVID-19 vaccines and there has already been considerable criminal activity related to COVID-19 vaccines and their distribution.
The alert comes just a few days after the U.S. Food and Drug Administration (FDA) issued two emergency use authorizations for COVID-19 vaccines. Now that the vaccines have been authorized for use, there is considerable potential for criminal activity such as the marketing and sale of unapproved vaccines, the sale of counterfeit vaccines, and diversion of legitimate vaccines. Ransomware gangs targeting the supply chain could cause considerable disruption to distribution, increasing the probability that ransoms will be paid.
A vaccine distribution plan has been developed for the United States, but there have already been cases of fraudsters offering early access to the vaccines for a fee. Ransomware activity has increased during the pandemic, and it is likely that targeted attacks on research organization, vaccine developers, and the distribution chain will continue as the vaccines start to be rolled out.
As was seen early in the pandemic, phishers adopted COVID-19 themed lures to target victims offering information about cures and fake news about COVID-19 vaccines. Financial institutions have been warned to be alert to phishing schemes using lures related to COVID-19 vaccines as these are likely to continue and even increase now the first vaccines have been authorized. Similar warnings have recently been issued by several government and law enforcement agencies in the United States and Europe about the threat of vaccine and COVID-19-themed phishing attacks and other COVID-19 related malicious activity.
The phishing campaigns conducted during the pandemic have proven to be extremely successful. Figures released by the FTC indicate more than 275,000 Americans have reported suffering financial losses as a result of COVID-19-themed scams, with more than $211 million lost to the scams so far in 2020.
The FinCEN alert includes instructions for filing suspicious activity reports (SARs), which are essential for identifying and stopping fraud and cyber-enabled crime.