Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:00 PM
Connect Directly
E-Mail vvv

3 Ways Anti-Vaxxers Will Undercut Security With Misinformation

Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.

When the entire world demands immediate access to a rare and finite resource, you always find criminals operating in the margins. This dynamic is particularly true with the COVID-19 vaccine. Vaccine threats are not limited to financial or national interests — one type of risk that's often overlooked in the larger vaccine security conversation is misinformation.

We can expect some of vaccine information threats to come from anti-maskers who believe COVID doesn't exist or that vaccines infringe on their freedom.

Related Content:

What COVID-19 Teaches Us About Social Engineering

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: 10 Security Awareness Training Mistakes to Avoid

Some people will also leverage the vaccine for political attacks. For example, they might falsely claim a batch of vaccines has spoiled, denying vaccine access to entire communities. 

Misinformation campaigns thrive on inequality of knowledge. Malicious entities can drive a wedge between communities by exploiting those societal fractures. At a time with deep, seemingly intractable cultural divides, there are three divisive elements of the vaccine likely to be exploited.

Vaccine Availability
Misinformation on availability could look like a run on the bank. For example, this type of misinformation could sound like, "They've got more vaccine at the corner store." This causes disorganization in our wide-scale vaccination efforts.

Vaccine availability misinformation could also look like rumors about vaccine shortages, preventing people from booking an appointment at a facility that still has available doses. This leads to vaccine waste and puts vulnerable people at risk. 

Fake vaccine scams will turn out to be both financially lucrative and an easy way to harm a nation's ability to achieve herd immunity. In many cases, they are easy, self-propagating operations. All that is needed is a list of targets for a "watering-hole" attack where people are lured to a site in order to be exploited. Additionally, these campaigns are often very hard to dismantle until after there has been harm.

Vaccine Health & Safety
Vaccine safety misinformation fuels the worst fears of anti-vaxxers. It focuses on how quickly the vaccines were developed or claims they were developed deceptively. This eclipses and extends the anti-vaxxer movement. Key targets are people who deal with vaccines for others, such as parents or people with elderly relatives. 

Adults have to choose to take action with the vaccine, which presents an opportunity for misinformation spreaders. Often, vaccination decisions are informed by research that pulls from conflicting or misleading sources. It's easy for people to generate memes and soundbites to make vaccines sound scary, making claims such as:

  • "The vaccine was produced too quickly; a typical vaccine takes 10 years to produce, this one took one year."
  • "What are they hiding in there?"
  • "It's all just a lie to give 'them' more control."

Under these conditions, anti-vaxxers and extremists will be able to recruit, and they will have a larger, receptive audience. It's not the anti-vaxxers' first rodeo: They have been convincing vulnerable parents for years — now they're going to convince vulnerable grandparents, caretakers, and more.

Proof of Vaccination
As a society, we don't yet know what vaccination cards will mean. Are they a reminder of your vaccination, or are they proof? If they are proof, can you use your older sister's? Will there be a market for people taking vaccines for each other? 

A vaccination proof card is valuable to those who want to work but don't qualify yet. It's also possible that in the future, only people who have been vaccinated will be able to travel, opening up another potential area for fraud through illegitimate vaccination card sales.

What Can We Do? 
Misinformation thrives on fear and ignorance. By ensuring accurate, consistent information takes precedence over sensationalist rumors, we can go a long way toward preventing misinformation. 

This is easier said than done. Trust has taken a serious blow in recent years, creating profound changes in the way we consume news. Re-establishing trusted sources, harnessing the power of influence, and avoiding fanning the flames of polarization are challenges we need to tackle. 

Weaponized misinformation thrives on social divisions and cultural inequality. While technology can help identify, label, and suppress misinformation, it's a primitive science. Algorithms aren't sophisticated enough yet to manage the nuances of human communication. Teams of moderators have a higher chance of success but don't scale, and even brief exposure to toxic information is harmful.

In an ideal world, we would weaponize our citizenry against misinformation. Practical experiences from the front lines show that an informed citizenry that actively criticizes information counters misinformation campaigns more effectively than any other form of intervention. Just as humans are the vector for misinformation, they can also be the antidote.

Misinformation is a real threat to our vaccination efforts, yet it's not taken as seriously as cybersecurity or operations threats. When it comes to a life-saving COVID-19 vaccine, the consequences of misinformation are enormous. By leveraging the power of relationships and influence, we can neutralize misinformation campaigns before they take root, saving lives in the process. Ultimately, access to healthcare is fragmented and imbalanced enough without allowing criminals to exploit our fears in order to further balkanize our recovery from the pandemic.

Dr. Pablo Breuer, cyber warfare and disinformation expert, and The Grugq, an information security researcher, contributed to this column.

Marc Rogers, Executive Director of Cybersecurity, Okta Marc Rogers is the executive director of cybersecurity at Okta. With a career that spans more than 20 years, Marc has been hacking since the 80's and is now a white-hat hacker. Prior to Okta, Marc served as the head ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-11-27
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
PUBLISHED: 2022-11-27
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
PUBLISHED: 2022-11-27
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side proj...