Cyber ​​attacks, hackers steal pharmacy accounts with bots

Pharmacies are also targeted by cybercriminals. A report released by cybersecurity firm Kasada shed light on a new phenomenon of credential stuffing, the cyber-attack technique used to steal users’ access credentials to websites or online services, applied in this case to the pharmaceutical sector. Specifically, theillicit use by cybercriminals of bots that steal account data from pharmacy customers, through which medical prescriptions of “controlled” drugs are accessed, to later resell them on the black market. Last year, an illicit market had developed on the dark web for the purchase and sale of anti-Covid vaccines, Green Passes and false negative tests, proof of the increasing frequency – and seriousness – of digital threats (of which 2021 is been theannus horribilis).

According to the report, most of the hacked accounts are from ten leading US pharmacies, online and physical, and would have been sold for nearly several hundred dollars. Based on the sales volume seen over the past month, a single cybercriminal could earn over $ 25,000 a month from selling stolen pharmacy accounts.

The most “greedy” recipes for cybercriminals would be those that allow the purchase of Adderall, a drug based on amphetamine salts used against attention deficit / hyperactivity disorder, and oxycodone, an analgesic belonging to the family of opioids, both highly dangerous if taken in large doses and for purposes other than curative ones, as they can create a strong addiction.

To illegally purchase drugs, the hacked account buyer uses the associated credit card and can change the shipping address or collect the order directly at the affected pharmacy. The intended use is twofold (to consume or resell the purchased drug), the outcome the same: a potentially harmful substance ends up illegally in the hands of those who should not take it, facilitating its abuse.

Although the first cases of hacking were observed last April, it is recently that the phenomenon has gotten into gear: in the last 60 days, in fact, the number of hacked accounts it would have increased fivefold.