Hackers are using company domain names for malicious attacks more than ever before. Established research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered, confusingly similar domain name, or via email header spoofing.

Domain security intelligence is the first line of defense in preventing domain cyberattacks. More information extracted and shared with key decision-makers means less opportunity for cybercriminals to compromise a brand. In this digital economy, where bad actors can breach network credentials using phishing schemes, it’s essential to secure domains that run websites, email, applications, and more.

At the start of 2020, CSC began analyzing domain registrations. We identified surges in the activity of potentially malicious registrations that incorporated domain name variations, including a variety of homoglyphs—domain names that appear visually similar to those of official trusted websites. In late 2021, the onset of the COVID variant Omicron led us to conduct additional analysis. Nearly 500,000 COVID-related web domains registered since January 2020 were analyzed, with many posing threats to brands and consumers due to their registration patterns and behaviors.

Our new report, “Two Year Analysis: The Impact of COVID-19 on Internet Security and Safety,” serves as a real-world case study that calls attention to:

1. The ongoing surge in suspicious or potentially malicious domain registrations whenever there are massive global events
2. The resulting systemic risks with the domain name system—which lead to supply chain vulnerabilities, endless phishing, fraud (i.e., ransomware and business email compromise), brand abuse, counterfeiting, and consumer safety peril
3. The need for broader domain security standards, as well as policy or regulations over the domain name system activity

The report’s findings are gathered using our newly launched DomainSec^SM platform, which delivers a cloud-driven analysis of the global domain ecosystem to identify potential threats to major brands. Other key findings:

• We identified a pattern of peaks and valleys (heuristics) with associated surges of domain registrations each time there was an important COVID-related news event. Most recently, the onset of Omicron saw additional disturbing behavior. While nearly 1,200 domains registered in 2021 included Omicron as a keyword, 832 were registered (70%) in a two-week timeframe between November 26 and December 9, with numerous domains causing traffic misdirection and redirection, soliciting donations, or promoting cryptocurrency investments.
• We also evaluated domain registration behavior associated with websites using the Pfizer, Moderna, Johnson & Johnson, Centers for Disease Control and Prevention, U.S. Food and Drug Administration, and World Health Organization brand names and their permutations as they appear in the URL. We found that 80% of the 350 domains containing these names were registered to third parties. Half of the domains posted no web content and were deemed dormant. Cybercriminals are known to use dormant domains as a strategy, turning them on just when they’re ready to launch an attack campaign. Of the dormant domains, most concerning is that nearly 33% are configured to send and receive email with active MX records, which can provide bad actors a launchpad to conduct malicious attacks against brands and consumers through phishing and malware attacks.
• The development of the COVID pandemic led to an explosion of infringements across the full suite of online channels. Bad actors took advantage of increased levels of COVID-related internet searches to drive traffic to their own web content, tricking users seeking information or support, or looking to make purchases. The range of online channels on which this content appears also highlights the importance of a holistic brand protection service covering as many of these channels as possible.