NEW YORK / CHICAGO / LOS ANGELES, Feb 5 (Reuters) – US retailers and pharmacies such as Walgreens and CVS Health are preparing for a new round of “bot” attacks by scalpers in hopes of getting appointments of the Covid-19 vaccine as they did to monopolize Sony PlayStation 5s and Nike sneakers.
For more than a decade, the retail industry has struggled with so-called “scalper bots,” programmed to cut digital lines and obtain supply products limited to a few milliseconds of their publication, which are sold at significant increases.
The coronavirus pandemic exacerbated the problem because the boom in online shopping expanded the vision of climbers to new categories, from fitness equipment to essential products such as toilet paper and detergents. In Britain, scalpers who use boats have also snatched spaces for sending groceries online reserved for at-risk seniors.
The Joe Biden administration said this week that it will soon begin distributing approximately one million doses a week directly to some 6,500 pharmacies in the first phase of a federal program that aims to expand access to vaccines.
Security companies monitoring this activity now warn that U.S. retailers and pharmacies hired to play a major role in spreading the COVID-19 vaccine could be the next target of bot attacks as they begin. to be distributed as early as 11 February.
These fears stem from the problems retailers have had in this holiday shopping season, when the latest PlayStation and Microsoft Xbox consoles were almost impossible to find because scalpers attacked major retailers.
“The tail jumpers are branching out. Their tools are now being used to target other high-demand items, ”said Matt Gracey-McMinn, head of threat research at bot security firm Netacea.
Walmart told Reuters in December that most of the “significantly higher” traffic from the consoles came from robots and that the company had to conduct after-sales audits, canceling robot orders and making these products available to regular consumers. .
Another attack like the one faced by retailers during the holiday shopping season could make an even more fragile process where only 32 million doses have been administered since federal regulators granted emergency approval in December. to two vaccines in December, according to the Centers for Disease Control and Prevention (CDC).
THERE IS NOT ENOUGH
In recent weeks, people have shared on social media horror stories about trying to secure vaccination appointments from government sources, with some robots blamed for accidents from stolen places and spaces.
The private sector is looking for technological problems. “The Walgreens team is working to ensure that only authorized and eligible patients have access to schedule an appointment for the vaccine,” said Jim Cameli, head of information security for the Walgreens Boots Alliance.
“To do so, safety measures such as robot detection and prevention will play a key role in providing this critical service to patients.”
CVS said its program could thwart bot attacks. “Our vaccination dating site has a layered defense that includes features to detect automated cyberattacks, such as botnets. These features, along with our application design and user input validation, allow us to validate legitimate users. Said a CVS Health spokesman.
When asked if he was concerned about robots attacking Covid-19 vaccine appointments, Walmart said he “will focus on the safety and mitigation steps needed to help us provide fair and equitable vaccination registrations.”
Walmart said Tuesday in a blog post that as of the end of next week, once the retailer receives doses from the federal government at select pharmacies in 22 states, vaccine-eligible customers can use a programming tool to block online appointments “for the duration of the assignment.”
However, these websites make retailers easier targets for robots than states that currently handle vaccine appointments, two cybersecurity experts said.
Securing appointments through local governments requires a more complicated process of browsing different websites. This makes it more difficult for humans and robots to complete the process.
The complexity of securing vaccine appointments by the government, even without explicit evidence that the robots manipulated the process, inspired a number of programmers to create monitoring programs for websites such as Georgia Vax, Visualping, and the list of New York vaccines, which alert people about free available appointments.
“It would be hard for someone to make a lot of money attacking states because all counties are different,” said Ben Warlick, an Atlanta-based lawyer who has been writing free dating control robots to help people get the vaccine. . “Creating a great national system would be too difficult to set up.”
But for retailers, the threat is real.
“Several of our clients have come to us worried about the dreaded dilemma they will ultimately face: how do we manage vaccine appointments without being affected by automated bot attacks?” said Edward Roberts, a specialist at security firm Imperva.
He added: “The dam will explode when vaccines are available to all citizens.”
Reports by Melissa Fares, Richa Naidu and Lisa Baertlein; Edited by Kenneth Li, Vanessa O’Connell and Nick Zieminski