CSC: Malicious Activity Continues Among Thousands of COVID-Related Domains

CSC, a world leader in business, legal, tax, and domain security, today announced key findings from its new report, which found that nearly 500,000 web domains containing key COVID-related terms have been registered since January 2020. Many of these web domains can pose threats to brands and consumers due to their registration patterns and behaviors. This research is part of CSC’s latest report, “Two Year Analysis: The Impact of COVID-19 on Internet Security and Safety.”


The report’s findings are gathered using CSC’s newly launched DomainSec℠ platform, which makes the connections between newly registered, dropped, and existing domain names, online brands, and fraud (phishing). DomainSec is the first of its kind to deliver a holistic approach for securing and defending brands’ domain portfolio ecosystems. It uses proprietary technology combined with machine learning, artificial intelligence, and clustering technology to generate invaluable security insights to help thwart brand abuse and cybersecurity incidents.


CSC identified a pattern of peaks and valleys (heuristics), with a surge of domain registrations each time there was an important COVID-related news event. Most recently, the onset of Omicron saw additional disturbing behavior. While nearly 1,200 domains registered in 2021 included Omicron as a keyword, 832 (70%) were registered in a two-week timeframe between November 26 and December 9, with numerous domains causing traffic misdirection and redirection, soliciting donations, or promoting cryptocurrency investments.


CSC also evaluated domain registration behavior associated with websites using the Pfizer, Moderna, Johnson & Johnson, Centers for Disease Control and Prevention, U.S. Food and Drug Administration, and World Health Organization brand names and their permutations as they appear in the URL. CSC found that 80% of the 350 domains containing these names were registered to third parties. Half of the domains posted no web content and were deemed dormant; cybercriminals are known to use dormant domains as a strategy, turning them on just when they’re ready to launch an attack campaign. Most concerning, nearly 33% of the dormant domains are configured to send and receive email with active MX records, which can give bad actors a launch pad for phishing or malware attacks against brands and consumers.


“At CSC, we believe domain security intelligence is power. The surge in COVID-related domain registrations in the last two years shows how bad actors are taking advantage of major public events,” says Ihab Shraim, chief technology officer of Digital Brand Services at CSC. “In today’s digital economy, domain name related cybercrime is exponentially rising and impacting organizations, customers, partners, and the connected internet supply chain. Through our cutting-edge DomainSec platform, key decision makers can obtain accurate domain security insights that analyze and mitigate threat vectors targeting their domain name portfolios and associated online brands.”


To access the full report and additional details, visit our website.


###