COVID-19 website registrations hitting 4,000 per day
Domain registrations related to the COVID-19 crisis have surged since January 1, 2020, but the work of some registries and registrars has begun to reduce volume.
More than 100,000 related domains have been registered since the start of the year. In the week following the World Health Organization’s declaration of COVID-19 as a pandemic, daily registrations doubled to more than 4,000 per day.
While the majority of domain registrations are speculative in nature, there are also thousands of newly-registered domains that are active threats, according to Clarivate Analytics.
Malicious registrations
The most concerning registrations are those used as an attack vector for phishing/malware threats. According to Clarivate, lowlights include ransomware attacks on hospitals, state-sponsored phishing campaigns and attackers impersonating university health services for credential-stealing.
However, registry reactions have been uneven.
Chris Melka, MarkMonitor programme manager at Clarivate, says: “When it comes to country code top-level domain (ccTLD) registries, you’re looking at myriad different registration policies. Every country has its own policies, with each of them making a determination about whether they are going to take any action.”
The .UK registry Nominet has escalated monitoring measures to allow for quick action to be taken against the inappropriate use of pandemic-related .UK domains.
According to Melka, the UK example attempts to “walk the line”, where it is still trying to adhere to the core principle that underlines the domain space—free speech—and instead of actively blocking registration from the front-end, Nominet is analysing the domain post-registration to try to identify any malicious usages.
China stands as a contrary example. “The Chinese TLD itself is a lot more restrictive and the government has a lot more to say than in many other countries,” says Melka.
He adds: “Normally .CN is heavily filled with speculation, with aggressive targeting by bad actors in this space. But, China has aggressively blocked COVID-19 registrations on the front-end.” This sort of front-end blocking is controversial, and leads to larger questions of an open internet versus harm reduction.
Consistent global action by registries will not occur, so the ability to quickly identify threats across all top-level domain (TLD) spaces will remain spotty, he concludes.
With ad hoc treatment of registrations by registries and registrars, much of the mitigation has fallen to information security teams and security researchers, and numerous cooperative efforts have sprung up to identify and combat the most pressing threats.
Government and business registrations
Governments and non-governmental organisations have leveraged pre-existing web properties such as the US and European Centre for Disease Prevention and Control sites and who.int.
Meanwhile, business registrations are primarily occurring in the large enterprise space, with most falling into the strictly defensive category.
“There’s very little activity related to businesses that are registering or utilising COVID-19/coronavirus-based domain names for proactive use, such as to create awareness for a campaign,” says Melka.
Most businesses, he adds, are registering a few domain names here and there, although a minority are registering a few hundred domain names.
The majority of identified active usages are by media organisations hosting informational sites. Clarivate did find one dedicated site—Mayer Brown’s use of covid19.law, for a dedicated legal analysis website.
Speculative registrations
More than 90% of the 100,000 pandemic-related domain registrations have been registered by domain speculators looking to monetise those registrations via pay-per-click revenue or re-sale.
“Encouragingly, an assortment of registrars and aftermarket resale platforms have taken action to review recent registrations for evidence of bad actors, or even to preemptively block registrations and/or sale listings,” says Melka.