The 2020 pandemic has forced us all to adapt the way we work and communicate. Cybercriminals are leveraging the situation at the expense of others. At Cybersprint, we aim to keep these digital risks to a minimum. Therefore, we're sharing our research, containing a list of dodgy Corona-related domains you can use for blacklisting purposes.
In our previous blog, we talked about three types of malicious activity to watch out for. Cybercriminals are using a variety of methods for their own gain. The opportunists are (falsely) offering supplies such as face masks or phony tests. Fraudsters are using the crisis and increased web traffic on the subject for phishing purposes and to spread malware. In addition, nation state-funded campaigns and the spread of misinformation don’t help either.
The cybercriminals are setting up new domains for their activities. The registration date of the domains can be tracked, together with other detectable information. We have taken these variables to trace domain registrations related to the pandemic using our Digital Risk Protection platform. The result is a list of thousands of domain names. Please note we can't be sure there aren't any genuine domains in here, but we believe the vast majority of these entries are, or will be used, for malicious purposes. If you want to use them for blacklisting, please bear this in mind.
You can download the complete list here (.xlsx).
Development over time
So far, we have traced over 94,600 new domains. After 11 March, the daily registrations increased rapidly, peaking at over 4700 on 18 March. After that, we started to see a decline in registrations, as shown below.
Still, the activity has not stopped yet. COVID-19 related domains kept being created in the weeks after the spike, with an average of 372 new domains per day starting from 29 March.
Unfortunately, the decline we saw over April hasn't continued, as new spikes appeared late April and early May. We don't expect the opportunists to completely diminish their activity in the near future. Until then, we advise to stay vigilant when it comes to URLs and websites on COVID-19 and the corona virus in general.
Sebastiaan Bosman is Content Marketeer at Cybersprint.
With a background in Communications and Linguistics,
he is responsible for the creation and editing processes of most internal and external communication. He writes content such as blogs, whitepapers and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.