NEW YORK / CHICAGO / LOS ANGELES (Reuters) – U.S. retailers and pharmacies such as Walgreens and CVS Health are preparing for a new round of “bot” attacks by scalpers hoping to sharpen COVID-19 vaccine appointments while Sony PlayStation 5s and Nike sneakers.
The retail industry has been struggling for more than a decade with the so-called “scalper bots”, which are programmed to cut digital lines and record products with limited inventory within milliseconds after its release, which are sold at a significant surcharge.
The coronavirus pandemic exacerbated the problem as the boom in online shopping scalpers’ visibility expanded to new categories of fitness equipment to essential goods such as toilet paper and detergents. In Britain, scalpers using bots also snatched up grocery delivery equipment reserved for senior citizens.
The Joe Biden administration said this week that it will soon distribute about 1 million doses per week directly to about 6,500 pharmacies in the first phase of a federal program aimed at expanding access to vaccines.
Security companies following this activity are now warning that US retailers and pharmacies playing a major role in the distribution of COVID-19 vaccines could be the next target of bot attacks, as they start distributing as early as February 11th.
These fears stem from problems retailers have been experiencing over the past holiday season, when the latest PlayStation and Microsoft Xbox consoles were nearly impossible to find because scalpers attacked major retailers.
‘Rope jumpers branch out. Their tools are now being used to target other high-demand products, ”said Matt Gracey-McMinn, head of threat research at botac security firm Netacea.
Walmart told Reuters in December that most of the “significantly higher” traffic for the consoles came from bots, and that the company had to conduct a after-sales audit, by canceling orders placed by bots and delivering the products to to make ordinary consumers available.
Another attack such as the retailers struggling during the holiday shopping season could sniff out a fragile process further, where only 32 million doses have been administered since federal regulators granted emergency vaccination to two vaccines in December, according to the Centers of Disease Control and Prevention (CDC).
NOT ENOUGH SLOTS
In recent weeks, people on social media networks have shared horror stories about attempts to secure vaccinations from government sources, with some clashes for the collapse of the site and stolen slots.
The private sector encapsulates technological problems. “The Walgreens team is working to ensure that only authorized and eligible patients have access to an appointment with a vaccine,” said Jim Cameli, chief information officer for Walgreens Boots.
“In doing so, safety measures such as the detection and prevention of bone loss will play a key role in providing this critical service to patients.”
CVS said its program could stem bot attacks. ‘Our vaccination site has a low defense that has the ability to detect automated cyber attacks, such as botnets. These capabilities, coupled with our application design and user input validation, enable us to validate legitimate users, ” a CVS Health spokesman said.
Asked if he was concerned about bots attacking the appointment of Covid-19 vaccines, Walmart said it “will focus on safety and all necessary mitigation steps that can help us report fair and equitable vaccinations.”
Walmart said in a blog post on Tuesday that as early as next week, once the retailer receives federal government doses at select pharmacies in 22 countries, vaccine-eligible customers can use a scheduling tool to make appointments online. while the award lasts. ”
However, such sites make retailers easier targets for collisions than the states currently in the process of appointing vaccines, two cyber security experts said.
Securing appointments by going through local governments is a more complicated process of navigating different websites. This makes it harder for both people and collisions to complete the process.
The complexity of securing government vaccine appointments, even without explicit evidence that bots are tampering with the process, has inspired some programmers to set up website monitoring programs such as Georgia Vax, Visualping and NYC Vaccine List, which alert people locally to available appointments for free.
The National Association of Chain Drug Stores (NACDS) said in a media call on Friday that the Centers for Disease Control and Prevention (CDC) plans to launch ‘Vaccine Finder’, a tool the health organization has developed over time to help those who qualify detect the vaccine.
The CDC was not immediately available for comment.
“It’s going to be hard for anyone to make a lot of money attacking states because every province is different,” said Ben Warlick, a lawyer in Atlanta who did free clashes to help people get the vaccine. . “Creating a large nationwide system would be just too difficult to set up.”
But for retailers, the threat is real.
“Several of our customers are concerned about the frightening dilemma they will eventually face: how can we manage the vaccine appointments without being reinforced by automated bot attacks?” says Edward Roberts, a specialist at the security firm Imperva.
He added: “The dam will explode as soon as vaccines are available to all citizens.”
Reporting by Melissa Fares, Richa Naidu and Lisa Baertlein; Edited by Kenneth Li, Vanessa O’Connell, Aurora Ellis and Nick Zieminski