SECURITY
SECURITY
SECURITY
Bots used to drive rapid increase in pharmacy account theft
A new report today from researchers at bot mitigation company Kasada Pty. Ltd. details the rise of pharmacy account theft and how stolen accounts are being resold on the internet.
Targeting pharmacy accounts, those used by people to obtain prescription medication and other controlled substances, isn’t that surprising but it is fairly new, at least in the number of accounts targeted. Attacks targeting retail, entertainment and financial services accounts have long been pervasive, but the researchers found that pharmacy attacks are quickly growing in number.
The methodology used to steal pharmacy accounts comes as no surprise with the same technology used when targeting other types of accounts. Those behind the account theft were found to be using malicious bots to test stolen user credentials in credential-stuffing attacks. Those attacks involve using compromised user credentials obtained in hacks on other sites and services to see if they work, in this case on pharmacy sites, since many users use the same username and password across multiple sites.
The numbers are significant. The Kasada researchers have discovered tens of thousands of stolen online pharmacy accounts available on secondary marketplaces, with the number of stolen accounts available for sale increasing by five times in the last 60 days.
Using the stolen accounts, sellers are offering access to legitimate prescriptions for substances such as Adderall and Oxycodone. The prices of the drugs offered vary from what would typically be paid with an insurance co-payment to several hundred dollars. The marketplaces offer stolen accounts from physical and online-only pharmacies, including the top 10 U.S. pharmacies, typically with the name of the pharmacy redacted.
In an interesting twist, the stolen accounts are not being sold only on the shady part of the internet known as the dark web but also on the regular internet for anyone to find. Those looking to buy can choose the pharmacy and medication of their choice and pay via cash transfer or cryptocurrency. They’re offered a guarantee that if the account does not work, they will be provided a new account at the same pharmacy at no additional charge.
“It’s easy to see how the illegal sale of stolen pharmacy accounts can be a profitable venture,” the researchers conclude. “Not to mention very dangerous — by enabling medications to be put into the hands of people who don’t have a prescription.”
Photo: Rawpixel
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
