NEW YORK / CHICAGO / LOS ANGELES, Feb 5 (Reuters) – Retailers and pharmacies in the US, such as Walgreens and CVS Health, are preparing for a new round of “bot” scalper attacks hoping to end Covid-19 vaccine programming, as made for Sony PlayStation 5s and Nike sneakers.
For more than a decade, the retail industry has struggled with so-called “scalper robots”, programmed to cut digital lines and take products with limited supply within milliseconds of launch, which are resold at significant increases.
The coronavirus pandemic has exacerbated the problem, as the boom in online shopping has expanded scalper visions to new categories, from fitness equipment to essential products such as toilet paper and detergents. In the UK, scalpers using robots have also snatched food delivery slots reserved for at-risk seniors.
The Joe Biden administration said this week that it will soon begin distributing about 1 million doses a week directly to about 6,500 pharmacies in the first phase of a federal program aimed at expanding access to vaccines.
Security companies pursuing this activity are now warning that US retailers and pharmacies recruited to play a major role in disseminating the COVID-19 vaccine could be the next target of bot attacks as they begin distributing as early as February 11th.
These fears stem from the problems retailers faced this holiday shopping season, when the latest PlayStation and Microsoft Xbox consoles were almost impossible to find, as scalpers attacked large retailers.
“The tail jumpers are branching. Their tools are now being used to target other high-demand items, “said Matt Gracey-McMinn, head of threat research at security firm Netacea.
Walmart told Reuters in December that most of the “significantly higher” traffic for consoles comes from robots and that the company must conduct after-sales audits, canceling orders placed by robots and making these products available to regular consumers.
Another attack like the one retailers faced during the holiday shopping season could further accelerate a fragile process in which only 32 million doses have been administered since federal authorities approved in December. two vaccines, according to the Centers for Disease Control and Prevention (CDC).
NOT ENOUGH SLOTS
In recent weeks, people have shared horror stories on social media about trying to secure their vaccination meetings with government sources, and some robots have blamed the robots for blocking the site and the stolen slots.
The private sector is facing technological problems. “The Walgreens team is working to ensure that only authorized and eligible patients will have access to an appointment with the vaccine,” said Jim Cameli, Walgreens Boots Alliance’s chief information security officer.
“To do this, security measures, such as snout detection and prevention, will play key roles in providing this critical service to patients.”
CVS said its program could counter bot attacks. “Our vaccination site has a multi-level defense, which includes capabilities to detect automated cyber attacks, such as bot networks. These features, along with designing our application and validating user inputs, allow us to validate legitimate users, ”said a CVS Health spokesman.
When asked if he was worried about robots attacking Covid-19 vaccine appointments, Walmart said it would “focus on safety and any necessary mitigation steps that help us provide fair and equitable vaccination registrations.”
Walmart said in a blog post on Tuesday that starting next weekend, once the retailer receives doses from the federal government at certain pharmacies in 22 states, vaccine-eligible customers can use a programming tool to block online appointments “for the duration of the allocation. ”
However, such websites make retailers easier targets for robots than states currently dealing with vaccine programming, said two cybersecurity experts.
Securing appointments by going through local governments requires a more complicated process of navigating different websites. This makes it more difficult for both humans and robots to complete the process.
The complexity of securing government vaccine appointments, even without explicit evidence of robots modifying the process, has inspired some programmers to create website monitoring programs such as Georgia Vax, Visualping and the NYC Vaccine List, which warn people about appointments available locally for free.
“It would be hard for anyone to make a lot of money attacking states because every county is different,” said Ben Warlick, an Atlanta lawyer who has written free programming monitoring robots to help people get the vaccine. “Creating a large national system would be too difficult to set up.”
But for retailers, the threat is real.
“Many of our clients have come to us worried about the frightening dilemma they will eventually face: how do we manage vaccine meetings without it being overturned by automatic attacks, muzzle?” said Edward Roberts, a specialist at security firm Imperva.
He added: “The dam will explode once the vaccines are available to all citizens.”
Reporting by Melissa Fares, Richa Naidu and Lisa Baertlein; Editing by Kenneth Li, Vanessa O’Connell and Nick Zieminski