Recently, there has been a surge of activity regarding supposed COVID-19 vaccine sales on dark web marketplaces (DWMs).
Fake COVID-19 vaccines are not exactly news, as these have been pushed and peddled on the dark web since before proven vaccines have been released from official sources. However, one might expect interest to die down since official vaccine rollouts started mid-to-late December 2020. Before fake vaccines, PPE, supposed medicines, and even ventilators were also to be found.
However, that doesn’t seem to be the case as the number of advertisements and offers for COVID-19 vaccines over the dark net multiplied from early December 2020 to January 2021.
The demand for illegitimately sourcing COVID-19 vaccines is likely spurred by those who now know that safe and effective vaccines are in distribution, but that are unwilling to wait weeks, or even months, for their chance in line.
Despite their location on the dark web and often broken English, these ads try their best to be convincing. They expound the trustworthiness of their product and services with promises like “all our packages are at least double vacuum-sealed,” “stealth[sic] and discreet deliveries,” “100% guarantee,” and even “buy-1-get-1-free” offers.
While these promises are grand, it’s an old social engineering tactic by suspicious or downright malicious online actors to try and rope in desperate buyers.
For security experts who are aware of the dark web and dark web marketplaces (DWMs), this is nothing they haven’t seen before. If nothing else, it reinforces the ability of DWMs to respond to trends in the real world and the willingness of malicious actors to exploit situations as well as the fears, desires, and desperation of individuals.
LIFARS’s cyber resiliency training provides interactive training modules that deliver stimulating and engaging learning experiences to your employees, equipping them with the tools and resources they need to be successful active participants in the cybersecurity process.
In trend with the rising demand, prices have gone up. Whereas prices started as low as $250 in December, they now fall in the range of $500 to $1,000. Most sellers appear to be from the US, UK, Russia, Spain, Germany, and France.
There are also vaccine passports available for as little as $250 as well as negative test results.
Visitors are encouraged to contact these suppliers via messaging services, such as WhatsApp, Telegram, Wickr Me, and Google Hangouts, likely using encrypted messaging features.
What are the Dangers of Buying COVID-19 Vaccines on the Dark Web?
The first and foremost is that you are very unlikely to receive anything, even a fake vaccine, using these suppliers. Payments are usually made to anonymous wallets using cryptocurrencies, such as Bitcoin. With no regulations or protections in place, there is nothing stopping the seller from walking away with your money once you’ve made the transaction.
A less likely, but potentially more dangerous threat is that you get shipped a fake or unapproved vaccine. Vaccines go through rigorous trials and tests before they are approved, and there is no telling what harmful substances are present or side effects may occur from using a non-FDA-approved vaccine, for example.
There are also a huge number of cybersecurity threats related to accessing sites on the dark web. Malicious websites and actors abound on the dark web without the typical protections and regulatory environment of the everyday internet.
Downloading malicious software, such as viruses, ransomware, trojans, etc. is an ever-present threat. These tools can be used to steal your personal and financial information in order to commit identity theft, steal your money, or extort you.
Once these types of malware infect a physical device, it also becomes more likely to spread laterally within or across networks. In this case, it can pose a significant threat to entire businesses or organizations.
You will also come under increased threat from social engineering-based threats, such as phishing and spear phishing.
The point is to remember that these illicit sellers are often more interested in ways to exploit you for further gain than whatever they might profit from actually selling you a product or service. Using DWMs may not only put yourself at risk but your personal and professional network as well leading to much larger collateral damage.