An INTERPOL assessment of the impact of COVID-19 on cybercrime has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure.
A US court on Tuesday authorised Microsoft to take control of key domain names that were being used by cybercriminals, preventing them from being used to execute cyberattacks. These cybercriminals were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world.
According to an analysis of the Netherlands’ 50 biggest brand names, the number of .nl domain names suspected of being used or intended for use in phishing has been increasing, but monitoring and intervention appear to be suppressing visible abuse such as phishing.
There have been 68,000 coronavirus-related domains registered since the beginning of the coronavirus outbreak in January 2020, with an escalation in the number being registered since mid-February, according to Check Point Research. In the past two weeks (since 2 April), almost 17,000 new coronavirus-related domains have been registered (16,989 to be exact), with 2% found to be malicious and another 21% suspicious.
And with the pandemic now reaching almost every corner of the globe, many governments have announced economic stimulus packages. As Check Point Research notes in its recent blog post, “where there’s money, there will also be criminal activity. Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others. To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus.”
With criminals seeking to take advantage of these stimulus packages, Check Point Research found that 4,305 domains relating to new stimulus/relief packages have been registered since January, with a total of 2081 new domains registered (38 malicious; 583 suspicious) in March and 473 (18 malicious, 73 suspicious) in the first week of April.
Check Point Research also observed a major increase in the week starting 16 March “during which the American government proposed the stimulus package to taxpayers. The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks.”
Check Point Research has also observed a rise in “scam websites that use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.”
For more information, or to see the Check Point Research blog post in full, go to: https://blog.checkpoint.com/2020/04/20/coronavirus-update-as-economic-stimulus-payments-start-to-flow-cyber-attackers-want-to-get-their-share-too/
Criminal activities continue to be an issue and challenge for the domain name industry, and it’s one of the main issues addressed in today’s Q&A with Katrin Ohlmer, CEO and founder of DOTZON GmbH. Ohlmer cites it as both a highlight and a lowlight – a highlight because the industry is attempting to tackle domain name abuse, and a lowlight because phishing, malware, botnets and pharming remain threats to consumers, putting the whole industry in a bad light as seemingly not interested in fixing the issue. Ohlmer also sees the growth in usage of .brand new gTLDs as another highlight, while she says the whole domain industry could improve in terms of customer experience and customer-centric marketing and communications.
Domain Pulse: What were the highlights, lowlights and challenges of 2019 in the domain name industry, both for you and/or the industry in general?
A new awareness has been reached within the industry that many registries and registrars are responsible and taking actions against abuse, including the “Framework to Mitigate Abuse”. We started to communicate our efforts better to the community and will continue these efforts in 2020.
We noticed a growing use of domain names of .brands including the likes of .audi, .dvag and .mma – all with well beyond 1,000 registered domain names. We spotted quite a number of .brand domains “in the wild” – in print advertising, on vehicles and social media ads.
The ever-present existence of phishing, malware, botnets and pharming threats to consumers puts the whole industry in a bad light seemingly not interested in fixing this issue. The industry has to improve its communication activities within the community and to all stakeholders in 2020.
In 2020, we would like ICANN to focus again on their mission “to ensure the stable and secure operation of the Internet’s unique identifier systems”.
GDPR brought to our industry new challenges and burdens. GDPR and its consequences are an asset for our industry that personal data are not published anymore. Even though this negatively affects the interests of the trademark industry.
DP: What are you looking forward to in 2020?
KO: I’m really looking forward to welcoming the ICANN community to Hamburg in Autumn and showcasing the broad use of .hamburg domain names in the city. With an ICANN meeting taking place only for the second time ever, it will be a great opportunity for the local and national Internet community to meet the ICANN community.
DP: What challenges and opportunities do you see for the year ahead?
KO: As the next round of new TLDs is still ahead of us, .brands including some of our customers have the opportunity to showcase the many usage scenarios which they have already implemented and will be implemented in 2020.
The whole industry has to increase their communication efforts about DNS Abuse to demonstrate that they take abuse seriously. Further debates are likely whether registries and registrars will mitigate abuse beyond DNS like counterfeiting, but hopefully ICANN will stay within its remits.
Further consolidation will happen between registries, registrars and vertically integrated groups. We might also see further investments from equity investment companies within the industry.
Tech trends like Artificial Intelligence, Bitcoin, Internet of Things will improve our industry – whether process-wise, with new products or communication channels.
The topic how ICANN will consider in its actions the Public Interest – not only at the Board level, but also within the wider community – will be a challenge. A first step has been made with the proposal drafted by the Board, and further activities will likely happen in 2020.
DP: How have new gTLDs fared in 2019?
KO: We observed that the diversity of TLDs being actively used across the globe is slowly but constantly increasing. Therefore we expect a steady uptake over the next few years and establishing the new gTLDs as a valid alternative to former TLDs.
A number of the new gTLDs are doing very well – they are chosen by users because they have a meaning like .realestate, .consulting and .rich, some provide local and regional identity to users like .berlin, .bzh and .nyc, and some represent the brand online like .audi, .google and .edeka. The more generic TLDs are, the less differentiation and meaning they have making it harder to develop a long-term value proposition beyond the price.
DP: What progress do you see on a new round of applications for new gTLDs in 2020?
KO: We are currently finalising the last open issues within the Subsequent Procedures PDP Working Group. I expect that the substantive progress of our ongoing work will continue in 2020, leading to a final report being sent to the GNSO Council and later to the ICANN Board for approval.
DP: What one thing would you like to see addressed or changed in the domain name industry?
KO: I tend to repeat myself: I still think the whole domain industry could improve in terms of customer experience and customer-centric marketing and communications including lower barriers to set-up a website, easing the whole domain registration process, and setting up an email account.
For decades, customers were attracted by prices. This led to many registrations with no or very limited usage. Now it’s time to encourage existing customers to use the product they bought and improve processes for new customers making it easier to bring their website with their new domain online.
ICANN is alerting the community to a phishing scam that involves emails sent from “email@example.com” to ICANN contracted parties.
The firstname.lastname@example.org email address, for example, is not a valid ICANN organisation email address. Contracted parties may have recently received emails from “email@example.com”, which is a valid ICANN org email address. If you receive an email from the “firstname.lastname@example.org” address, or any other suspicious email address, do not respond. Please forward the email in its entirety to email@example.com.
ICANN has a resource on phishing scams at icann.org/resources/pages/phishing-2013-05-03-en.
According to the FBI, U.S. businesses alone suffer from nearly $343k in damages every hour from phishing – and this number has been rising year over year for the last five years. Join Ben April, Chief Technology Officer at Farsight and Corin Imai, Senior Security Advisor at DomainTools for this 30 minute webinar on a real-world DNS forensic investigation. Starting with a single IOC (indicator of compromise), they will step through how to pivot through domain infrastructure to build intelligence of associated malicious activity.
March 26, 2019 at 10 AM PT/1 PM ET
In this webinar, you will learn:
- How to take an IOC and pivot on supporting threat intelligence
- Where pDNS can uncover cybercrime forensics data
- When to leverage DomainTools and Farsight to build an investigation
Some of the TLDs with the highest levels of domain names used for phishing are “repurposed” ccTLDs – those where management rights have been granted to third parties who have then commercialised the TLDs, according to the latest Phishing Activity Trends Report for the third quarter of 2018 from the Anti Phishing Working Group. Among those with the highest levels are .tk, .ml, .ga, .cf and .gq, which are all operated by a Dutch company that offers domain names in those TLDs for free, while .pw is operated by a company based in India. But there are also ccTLDs with a higher than expected number of phishing domain names outside this description such as .br, .ru, .in and .au.
The TLD with the most phishing domain names was unsurprisingly .com which had 922 domain names (out of a total 137.6 million), followed by .org with 80 out of 10.3 million and then .net with 78 out of 14.1 million. They were followed by .pw with 53 phishing domain names, .info (43 out of 5.0 million) and .br (41 out of 4.0 million). The first new gTLD on the list, .xyz, was seventh with 30, .ml and .ru (28), .in and .tk (24 out of 21.5 million), .ga and .uk (23 out of 11.9 million), .cf and .gq (22), .au and .top (20 out of 3.2 and 3.9 million respectively) while .business (17 out of 63,000) and .agency and .co (15 each out of 64,000 for .agency) rounded out the top 20.
“Sometimes it is easy to discount the total volume of abuse in a TLD if the TLD has a large number of domains in it,” said Jonathan Matkowsky of RiskIQ. “We assigned a weighted score against the total number of domains in each zone, looking at TLDs where there were at least five unique domain names used for phishing, as a way of understanding the size of the zone and the phishing prevalence in it. After discounting the number of unique hosts by the relative size of those zones, .TOP and .XYZ were still the new gTLDs that scored highest.”
There has also been a growth in websites using web addresses with https, which is supposedly more secure. APWG notes that at the end of 2016, less than 5% of phishing sites were found on HTTPS infrastructure. In the third quarter of 2018, PhishLabs saw the number of phishing web sites using SSL/TLS encryption increase to 49.4%, up from 35.2% in the second quarter.
“This is likely a result of attackers obtaining certificates for use on their own infrastructure, and in general, as more legitimate Web sites obtain SSL certificates, some of those will naturally become compromised by phishers,” John LaCour, the Chief Technology Officer of PhishLabs, noted. “As of July 2018, the Google Chrome browser began to warn users that plain HTTP sites are ‘not secure’, and that will drive more web site owners to use HTTPS. So over time we expect that most phishing sites will use SSL certificates. Certificate authorities that offer free certificates will be increasingly abused by phishers in the future.”
2018 isn’t over and we have already seen a massive increase in the number and types of cybersecurity threats from ransomware to phishing. So what will 2019 bring and what can be done to prevent the next wave of cyber attacks?
Join subject matter experts from DomainTools in a lively discussion of what’s next for information security. CTO Bruce Roberts, Director of Product Management, Tim Helming, Senior Security Advisor, Corin Imai, and Senior Data Scientist, Sean McNee will conduct a round-table discussion on their information security predictions. Highlights include:
- Let’s Get Critical (The political process is the new critical infrastructure under attack)
- Breaches and Woes (Change in public perception of breaches)
- The Automation Invasion (Automation will continue to create more issues than solutions if organizations)
- Mind the (Skills) Gap
December 11, 2018 at 10 AM PT/1 PM ET
According to the FBI, U.S. businesses alone suffer from nearly $343k in damages every hour from phishing – and this number has been going up year over year for the last five years. Phishing by definition is a fraudulent attempt to gain access to sensitive data and leverage such data for malicious purposes. Most commonly this is done by disguising malicious links to distribute malware.
In this webinar, Corin Imai, Senior Security Advisor at DomainTools will take a look at the steps to executing a phishing attack and the potential ways to help mitigate the risk.
November 14, 2018 at 10 AM PT/1 PM ET
In this webinar, you will learn:
- Real world examples of attacks leveraging phishing vectors
- 5 steps of executing a phishing attack – if I can do it, surely anyone can
- 5 ways to mitigate your risk of a phishing attack