Hackers are using company domain names for malicious attacks more than ever before. Established research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered, confusingly similar domain name, or via email header spoofing.
Domain security intelligence is the first line of defense in preventing domain cyberattacks. More information extracted and shared with key decision makers means less opportunity for cybercriminals to compromise a brand. In this digital economy, where bad actors can breach network credentials using phishing schemes, it’s essential to secure domains that run websites, email, applications, and more.
At the start of 2020, CSC began analyzing domain registrations. We identified surges in activity of potentially malicious registrations that incorporated domain name variations, including a variety of homoglyphs—domain names that appear visually similar to those of official trusted websites. In late 2021, the onset of the COVID variant Omicron led us to conduct additional analysis. Nearly 500,000 COVID-related web domains registered since January 2020 were analyzed, with many posing threats to brands and consumers due to their registration patterns and behaviors. Our new report, “Two Year Analysis: The Impact of COVID-19 on Internet Security and Safety,” serves as a real-world case study that calls attention to:
The ongoing surge in suspicious or potentially malicious domain registrations whenever there are massive global events
The resulting systemic risks with the domain name system—which lead to supply chain vulnerabilities, endless phishing, fraud (i.e., ransomware and business email compromise), brand abuse, counterfeiting, and consumer safety peril
The need for broader domain security standards, as well as policy or regulations over the domain name system activity
Other key findings:
We identified a pattern of peaks and valleys (heuristics) with associated surges of domain registrations each time there was an important COVID-related news event. Most recently, the onset of Omicron saw additional disturbing behavior. While nearly 1,200 domains registered in 2021 included Omicron as a keyword, 832 were registered (70%) in a two-week timeframe between November 26 and December 9, with numerous domains causing traffic misdirection and redirection, soliciting donations, or promoting cryptocurrency investments.
We also evaluated domain registration behavior associated with websites using the Pfizer, Moderna, Johnson & Johnson, Centers for Disease Control and Prevention, U.S. Food and Drug Administration, and World Health Organization brand names and their permutations as they appear in the URL. We found that 80% of the 350 domains containing these names were registered to third parties. Half of the domains posted no web content and were deemed dormant. Cybercriminals are known to use dormant domains as a strategy, turning them on just when they’re ready to launch an attack campaign. Of the dormant domains, most concerning is that nearly 33% are configured to send and receive email with active MX records, which can provide bad actors a launchpad to conduct malicious attacks against brands and consumers through phishing and malware attacks.
The development of the COVID pandemic led to an explosion of infringements across the full suite of online channels. Bad actors took advantage of increased levels of COVID-related internet searches to drive traffic to their own web content, tricking users seeking information or support, or looking to make purchases. The range of online channels on which this content appears also highlights the importance of a holistic brand protection service covering as many of these channels as possible.
The report’s findings are gathered using our newly launched DomainSecSM platform, which delivers a cloud-driven analysis of the global domain ecosystem to identify potential threats to major brands.
DomainSec is a software as a service (SaaS) cybersecurity platform that CSC has invested in to create the industry’s first holistic approach for securing and defending brands globally. This first-of-its-kind platform uses proprietary technology combined with machine learning, artificial intelligence, and clustering technology to enable the smartest security insights using leading indicators.
In bringing our domain management and security, along with brand and fraud protection solutions into one platform, we can offer our clients exponentially better protection and help refine their zero-trust security model, taking them beyond just safeguarding perimeters. Through the DomainSec platform, organizations can obtain the domain security insights they need to proactively take down threats and properly defend their domain ecosystems.
