COVID-19 anxiety and fear ripped through the hearts of many across the globe during the early days of the pandemic, before vaccines were developed and distributed to the public. And as COVID-19 vaccines began to emerge and trickle out in December, so did desperation among those who desired to be vaccinated ASAP.
This wasn’t lost on the bad guys, who targeted the fearful, desperate and trusting souls within our society who were seeking protection from the deadly virus.
Often, these bad actors duped citizens into sharing personal information, such as credit card and bank account information, to pay for COVID-19 vaccines that would never arrive or, worse yet, arrive but be bogus and give the recipient a false sense of security. And in some cases, nation states were suspected of being involved in this nefarious COVID-19 activity.
Between April 2020 and June 2021, for example, Homeland Security Investigations’ (HSI) Operation Stolen Promise, formed at the start of the pandemic to address COVID-19 fraud and cyber thieves, seized more than $52 million in illicit proceeds, made 292 arrests, executed 308 search warrants, and analyzed more than 82,080 COVID-19 domain names.
Fortunately, in addition to HSI’s Stolen Promise team, cybersecurity firm Check Point Software Technologies and IBM’s cybersecurity team Security X-Force were among the IT superheroes seeking to put the kibosh on COVID-19 cyber criminals. Here are their team members’ stories:
IBM Security X-Force
IBM Security X-Force’s Claire Zaboeva, strategic cyberthreat analyst, and Melissa Frydrych, cyber threat hunt analyst, played a key role in helping to uncover a global phishing campaign that targeted the COVID-19 vaccine cold supply chain, as the precious cargo made its way across the world in temperature-controlled environments.
The two analysts determined the global distribution of COVID-19 vaccines would be a prime target for cybercriminals, based on a predictive analysis they composed. They searched for this activity across the Internet and discovered highly targeted phishing emails that in some cases appeared to be coming from Haier Biomedical, a Chinese company considered the world’s main cold-chain supplier and an active partner of UNICEF and the World Health Organization.
The targeted phishing emails were directed at organizations ranging from companies that made the solar panels used to power portable vaccine refrigerators, to petrochemical companies that produce dry ice, to the European Commission’s Directorate-General for Taxation and Customs Union, which was revising new import and export regimes for the COVID-19 vaccines. The globally distributed attack spanned 14 different nations across Europe, Asia, Africa, North America, South America and Latin America.
The suspected goal of the cybercriminals was to steal their victims’ credentials and gain unauthorized access to their corporate networks and pilfer sensitive COVID-19 vaccine distribution information. And because this global phishing scam was well-researched and had great precision in selecting the executives and key organizations it would target, it had all the hallmarks of a nation-state behind the scheme, Zaboeva said.
Video: Claire Zaboeva, IBM Security X-Force (1:20 min)
Zaboeva said she entered the cybersecurity field through a circuitous route more than a decade ago.
She specialized in geopolitics and law as a congressional scholar and stumbled into cybersecurity when working with engineers and listening to their cyber needs and requirements, and conveying that information in simple terms to decision makers and leaders.
“I actually found out that I had a rather strong knack for cyber and that’s kind of how I fell into the rabbit hole for cyber,” Zaboeva said.
Video: Claire Zaboeva, IBM Security X-Force (1:21 min)
Although vaccines are becoming widely distributed, with more than 45% of U.S. residents fully vaccinated, according to the Centers for Disease Control and Prevention (CDC), Zaboeva believes COVID-19 cyberthreats will continue. She pointed to everything from COVID-19 booster shots to travel credentials as the potential next attack targets.
“COVID will continue to impact the overall shape of the threat landscape and drive activity in different ways,” Zaboeva said.
Check Point Software Technologies
Over a four-month period that ended in February, cybersecurity firm Check Point Software Technologies discovered more than 294 potentially dangerous vaccine-related domains. And Maya Levine, technical marketing engineer for Check Point, helps get the word out about such discoveries so the general population will know of specific nefarious activities.
One of the most dangerous discoveries the cybersecurity team has made was fake vaccines being sold on the dark web. Check Point drilled down further and used Bitcoin to purchase one of the so-called COVID-19 vaccines to test it, but it never arrived. Levine noted that had a bogus vaccine been sent to a buyer, it could have caused irreparable damage to the user, because there is no way for the average consumer to test the legitimacy of a vaccine.
But the most common nefarious activity seen among COVID-19 cyberthieves during the early days of the pandemic was phishing attacks, in which the attackers impersonated legitimate government agencies, such as the U.S. CDC and the World Health Organization, and installed malware on users’ computers after they clicked on an attachment, Levine said.
Video: Maya Levine, Check Point Software Technologies (1:02 min)
Levine, a computer science engineering major, started her IT career at Check Point in an entry-level, customer-facing engineering position. Although it was helpful to have a technology background, Check Point put her through an intensive training program to get her up to speed on the area she would be working in.
The best steps she took to prepare for the customer-facing engineering role were to educate herself on the types of attacks that were currently happening, as well as the major breaches of the year and cybersecurity industry trends. To achieve this, Levine became a voracious reader of tech blogs, forums and other publications.
Video: Maya Levine, Check Point Software Technologies (1:38 min)
Levine noted that Check Point doesn’t require job applicants to have all of the hard and soft skills needed for the job when they apply.
“The number one thing that Check Point is looking for is a willingness to learn,” Levine said. “People can be trained and that, a lot of the time, can lead to better employees because you’ve trained them with the knowledge that you want them to have.”
Homeland Security Investigations (HSI)
Late last year, as the Food and Drug Administration (FDA) issued emergency use authorization for COVID-19 vaccines produced by Pfizer-BioNTech and Moderna, cyber thieves went into high gear with nefarious activities involving the COVID-19 vaccines.
Members of the U.S. Homeland Security Investigations (HSI) Cyber Crimes Unit, led by unit chief Matt Swensen, received a lead from Moderna about a questionable website. The unit discovered the bogus Moderna website was claiming to sell COVID-19 vaccines “ahead of time,” at $30 per dose. Undercover agents led by HSI’s Baltimore Field Office supervisory special agent Evan Campanella contacted the cyber thieves, expressing interest in snapping up 200 doses for $6,000. By mid-January the government had seized the fake Moderna website, and the following month it arrested three Baltimore-area men on charges of conspiracy to commit wire fraud in connection with allegedly trying to sell purported COVID-19 vaccines.
Video: Matthew Swensen, HSI Cyber Crimes Unit (10:09 min)
When HSI’s Baltimore field office received the information gleaned by the Cyber Crimes Unit, it began to lay out plans to catch the cyber thieves in the act. It started with the contact information the bad actors had provided.
Video: Evan Campanella, HSI Cyber Crimes Unit (4:06 min)
As a result of their work, three Maryland men, all in their 20s, were arrested on federal charges of conspiracy to commit wire fraud. The case is still ongoing, Campanella said.
“We go to work every day with a mission to do. Sometimes it’s to put the bad guys in jail, and sometimes it’s to actually just help the public,” Campanella said, pointing to a situation where his agents used their personal time to make arrangements and take an elderly victim of a COVID-19 vaccine scam to a legitimate vaccination appointment, since he had no means of transportation and was desperate to get a vaccine.
After graduating from college, Campanella initially served as an intelligence analyst for the Manhattan District Attorney’s Office, then joined HSI as a special agent 15 years ago. Swensen took a different route: he initially planned to become an attorney out of college, but then switched to a career as an HSI special agent, leveraging two years of undergraduate computer science coursework.
“I’m a bit of an anomaly at HSI,” said Swensen, who has served in cybersecurity, digital forensics and incident response for 17 years of his 19-year tenure at the agency. “Most agents will go and do something for three to five years and then rotate groups, since HSI has a broad mission and legal authority.”
Swensen, however, enjoys fighting cybercriminals more than other types of hooligans.
Video: Matthew Swensen, HSI Cyber Crimes Unit (3:18 min)
For IT professionals considering a transition to cybersecurity at a government agency, Swensen offers several pieces of advice, including gaining as much technical experience as possible, particularly in scripting, coding, programming and data engineering. Soft skills include the ability to write reports and give presentations in a way that non-technical people will understand.
“Those positions are in very high demand and it makes it very difficult for us as the government to sometimes compete with the private sector for these jobs,” Swensen said. “A lot of the people we get are not necessarily doing it for the money, they’re doing it because they want to serve the public and think the work is interesting. A lot of the work we do, you’re not going to have an opportunity to do it elsewhere.”
Dawn Kawamoto is a freelance writer and editor. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET’s News.com, InformationWeek, TheStreet.com, AOL’s DailyFinance, The Motley Fool, Dice.com and Dark Reading.