NormShield Researchers Find Spike in Creation of Web Addresses Including Drug Names Like “Hydroxychloroquine” Following White House Briefings and Additional High-Profile Support
Vienna, VA, April 9, 2020 – Shadowy sellers want to capitalize on interest in pharmaceuticals promising a potential treatment for COVID-19. Researchers from the cyber risk assessment company NormShield looked for websites using the names of 10 commonly discussed drugs over the last several months. The NormShield team found a dramatic spike in the number of sites generated to get the attention of scared shoppers looking for coronavirus cures.
NormShield published the research today in a new report, “Phishing Domains Pushing COVID-19 Drugs, Preying on Innocent Consumers.”
In the first three months of 2020 alone, the NormShield team found 362 new possible phishing domains with references to or containing exact names of ten medicines – remdesivir, chloroquine (and hydroxychloroquine)*, Plaquenil*, azithromycin, metformin, favipiravir, interferon, lopinavir, ritonavir, and arbitol. Of those 362 sites, 221 (or 61 percent) had domain names that contained either chloroquine or azithromycin.
While the number of phishing domains rose most sharply for chloroquine and azithromycin, domain names containing the eight other drugs increased as well.
“This is the beginning of a larger problem. When you see the sites being created, it tells us the bad guys see an opportunity and are looking to exploit people,” said NormShield CEO Paul Paget. “The President, Elon Musk, many other world leaders are discussing drugs, hoping they provide some options to the sick, the scared, and the medical community. Threat actors are looking to insert themselves into this process and profit.”
NormShield’s Chief Security Officer Bob Maley added, “We see some of the sites already being used offering these drugs. The sites might only be active for a few hours, but then they come down after the operator makes a quick hit – preying on consumers at opportune times. Some of these sites have a padlock – giving the consumer the impression they are safe, but they’re not.”
NormShield tracks indicators of negative cyber behavior on the internet for organizations and their supply chains. Generally, when the company sees activity like this, it is because cyber threat actors are trying to obtain personal information to sell to others, or to scam consumers directly through fraudulent websites that profit off those in need.
“It never fails – cybercriminals see an opportunity and exploit it,” said Maley. “We see this with everything from Cyber Monday shopping sales to the Super Bowl, but now, we’re talking about life or death matters. It’s important that people know they need to be wary when searching online for these drugs. Go with trusted pharmacies where they can talk with a pharmacist and be sure the drug they get is right for them.”
*Researchers found “hydroxychloroquine” and “chloroquine” in the same searches, which is why they are listed in the same category, but they are not the same drug. Plaquenil is the brand name for hydroxychloroquine. Researchers are looking at both hydroxychloroquine (Plaquenil) and chloroquine (Aralen) as possible treatments for the COVID-19 coronavirus disease.
NormShield® is the only cyber risk rating system that enables enterprises to measure the potential financial loss from a cyber-attack on a third party, supplier or business partner. NormShield’s 3D Vendor Risk @ Scale® platform uniquely combines three types of assessments to provide more fidelity and streamline the process of assessing third party risk. Combining cybersecurity ratings, compliance controls, and potential financial loss simplifies the arduous process of assessing hundreds to thousands of third parties. The NormShield platform provides accurate, quantitative, and continuously updated data to assess and monitor the cyber risk posture of any organization.