CSC Research Finds Third Parties Continue to Lay Groundwork for Malicious Activity Among Thousands of COVID-Related Domains
For immediate release
January 25, 2022
For more information:
Steve Bosk
W2 Communications
CSC@w2comm.com
215-378-1056
CSC®New Room
Driven by CSC's innovative DomainSecSM platform, new insights provide details on COVID-19 online threats
WILMINGTON, Del. – CSC®, a world leader in business, legal, tax, and domain security, today announced key findings from its new report, which found that nearly 500,000 web domains were registered since January 2020 containing key COVID-related terms. Many of these web domains can pose threats to brands and consumers due to their registration patterns and behaviors. This research is part of CSC's latest report, "Two Year Analysis: The Impact of COVID-19 on Internet Security and Safety."
The report's findings are gathered using CSC's newly launched DomainSec platform, which makes the connections between newly registered, dropped, and existing domain names, online brands, and fraud (phishing). DomainSec is the first of its kind to deliver a holistic approach for securing and defending brands' domain portfolio ecosystems. It uses proprietary technology combined with machine learning, artificial intelligence, and clustering technology to generate invaluable security insights to help thwart brand abuse and cybersecurity incidents.
CSC identified a pattern of peaks and valleys (heuristics) with surges of domain registrations associated each time there was an important COVID-related news event. Most recently, the onset of Omicron saw additional disturbing behavior. While nearly 1,200 domains registered in 2021 included Omicron as a keyword, 832 were registered (70%) in a two-week timeframe between November 26 and December 9, with numerous domains causing traffic misdirection and redirection, soliciting donations, or promoting cryptocurrency investments.
Furthermore, CSC also evaluated domain registration behavior associated with websites using the Pfizer, Moderna, Johnson & Johnson, Centers for Disease Control and Prevention, U.S. Food and Drug Administration, and World Health Organization brand names and their permutations as they appear in the URL. CSC found that 80% of the 350 domains containing these names were registered to third parties. Half of the domains posted no web content and were deemed dormant; cybercriminals are known to use dormant domains as a strategy, turning them on just when they're ready to launch an attack campaign. Of the dormant domains, most concerning is that nearly 33% are configured to send and receive email with active MX records, which can provide bad actors a launch pad to conduct malicious attacks against brands and consumers through phishing or malware attacks.
"At CSC, we believe domain security intelligence is power. The surge in COVID-related domain registrations in the last two years shows how bad actors are taking advantage of major public events," says Ihab Shraim, chief technology officer of Digital Brand Services at CSC. "In today's digital economy, domain name related cybercrime is exponentially rising and impacting organizations, customers, partners, and the connected internet supply chain. Through our cutting-edge DomainSec platform, key decision makers can obtain accurate domain security insights that analyze and mitigate threat vectors targeting their domain name portfolios and associated online brands."
To access the full report and additional details, visit our website.
About CSC
CSC is the trusted provider of choice for the Forbes Global 2000 and the 100 Best Global Brands® in enterprise domain names, domain name system (DNS), digital certificate management, as well as digital brand and fraud protection. As global companies make significant investments in their security posture, CSC can help them understand known cybersecurity blind spots that exist, and help them secure their online digital assets and brands. By leveraging CSC's proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation damage, helping them avoid devastating revenue loss, and significant financial penalties because of policies like the General Data Protection Regulation (GDPR). CSC also provides online brand protection–the combination of online brand monitoring and enforcement activities–taking a holistic approach to digital asset protection, along with fraud protection services toward combatting phishing. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are–and we accomplish that by employing experts in every business we serve. Visit cscdbs.com.