NEW YORK / CHICAGO / LOS ANGELES, Feb. 5 (Reuters) – US retailers and pharmacies such as Walgreens and CVS Health are preparing for another round of ‘bot’ attacks by scalpers in hopes of securing Covid-19 vaccine appointments as they Sony hoard PlayStation 5s and Nike sneakers.
For more than a decade, the retail industry has been battling so-called “scalper bots,” programmed to break digital lines and bring limited supply products to market within milliseconds of their release, resold at significant mark-ups.
The coronavirus pandemic exacerbated the problem as the boom in online shopping expanded the scalpers’ visibility into new categories, from fitness equipment to essential goods such as toilet paper and detergents. In Britain, scalpers using bots have also taken down grocery delivery online slots reserved for at-risk elderly people.
The Joe Biden administration said this week that it will soon be distributing about 1 million doses per week directly to about 6,500 pharmacies in the first phase of a federal program to expand access to vaccines.
Security companies monitoring this activity are now warning that U.S. retailers and pharmacies that have signed up to play a major role in the spread of COVID-19 vaccines could be the next target of bone attacks as they begin as early as February 11. to spread.
These fears stem from problems retailers have faced over the past holiday season, when the latest PlayStation and Microsoft Xbox consoles were nearly impossible to find as scalpers attacked major retailers.
Queue jumpers branch out. Their tools are now being used to address other in-demand items, ”said Matt Gracey-McMinn, chief of threat research at bone protection company Netacea.
Walmart told Reuters in December that most of the “significantly higher” traffic to consoles came from bots, and that the company needed to conduct after-sales audits, cancel orders from bots, and make those products available to regular consumers.
Another attack, like the one that retailers faced during the Christmas shopping season, could exacerbate a fragile process involving just 32 million doses since federal regulators issued emergency approvals to two in December, according to the Centers of Disease Control and Prevention (CDC). vaccines.
NOT ENOUGH FINALLY
In recent weeks, people on social media networks have been sharing horror stories of attempts to get vaccination deals from government sources, with some bots blaming site crashes and stolen slots.
The private sector is hoping for technical problems. “The Walgreens team is working to ensure that only authorized and eligible patients have access to schedule a vaccine appointment,” said Jim Cameli, Walgreens Boots Alliance Chief Information Security Officer.
“To do this, security measures such as bone detection and prevention will play a key role in delivering this critical service to patients.”
CVS said its program could thwart bone attacks. “Our vaccination appointment site has a layered defense with capabilities to detect automated cyber attacks such as botnets. Those capabilities, along with our application design and user input validation, allow us to validate legitimate users, ”said a CVS Health spokesperson.
When asked if it was concerned about bots attacking Covid-19 vaccine appointments, Walmart said it would focus on safety and any necessary measures to help us provide fair and equitable filings for vaccinations.
Walmart said in a blog post on Tuesday that, starting late next week, once the retailer receives doses from the federal government at select pharmacies in 22 states, customers who qualify for vaccines will be able to use a scheduling tool to record online appointments “as long as the allotment. takes. “
However, such websites make it easier for retailers to target bots than the states currently making vaccine agreements, two cybersecurity experts said.
Making appointments by going through local governments requires a more complicated process of navigating different websites. This makes it more difficult for both humans and bots to complete the process.
The complexities of securing government vaccine appointments, even without explicit evidence that bots are manipulating the process, inspired a few programmers to create website monitoring programs, such as Georgia Vax, Visualping, and NYC Vaccine List, which warn people of available local-level appointments for free.
“It would be difficult for anyone to really make a lot of money by attacking states because every county is different,” said Ben Warlick, an Atlanta attorney who has written free appointment-monitoring bots to help people get the vaccine. to get. “Setting up a large nationwide system would just be too difficult to set up.”
But for retailers, the threat is real.
“Several of our customers have come to us and are concerned about the terrifying dilemma they will eventually face: how do we handle vaccine appointments without being disrupted by automated bot attacks?” said Edward Roberts, a specialist at security company Imperva.
He added, “The dam will explode as soon as vaccines are available to all citizens.”
Reporting by Melissa Fares, Richa Naidu and Lisa Baertlein; Editing by Kenneth Li, Vanessa O’Connell and Nick Zieminski