The topic of COVID-19 vaccines has drawn much attention, including in the cybersecurity sector. Recently detected spikes in domain registration activity hint at a probable increase in phishing attacks.
When various countries started their vaccination campaigns in 2020, purchases of domains with the word “vaccine” sharply peaked.
The trend was first noticed back in August 2020, when the Typosquatting Data Feed saw dozens of Sputnik-related domain names shortly after Russia’s announcement about the new Sputnik vaccine.
Similarly, the number of domains featuring the word “vaccine” increased by almost 100% in the month after the first Pfizer COVID-19 vaccine was administered to a patient.
Webroot, an American cybersecurity software company, observed that from December 8 through January 6, 94.8% more domain names with “vaccine” in them were registered compared with the previous month.
Within the last year, over 12,000 domains related to the COVID-19 vaccine were registered. Many were bought for legitimate reasons, but many others need to be treated with caution.
Using their own tool, the Newly Registered Domains (NRD) Database, researchers at CybercrimeMagazine found that 12,436 domain names containing the word “vaccine” were registered.
Other terms used in the domain names included vaccination, vaccinate, covid, coronavirus, freezer, clinic, trial, tracker, and certificate. Sixty-four percent of those domains were registered under the .com top-level domain. This may be an indication that the bad actors want to target mostly commercial domains.
In fact, some of the vaccine-related domains have already been reported on VirusTotal for suspicious activities like phishing. For example, this group of domains was bulk-registered in August 2020:
- covid19vaccinedistributors[.]com
- covid19vaccinedistributor[.]com
- covid19vaccinedistribution[.]com
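A defender can apply the same two signals, keyword matches and bulk-registered near-identical names, to any feed of newly registered domains. The sketch below is an added example, not code from the article or from the tools it mentions; the function names, the 0.85 similarity threshold and the two `.example` entries are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Terms the article lists as appearing in the registered names.
KEYWORDS = ("vaccine", "vaccination", "vaccinate", "covid", "coronavirus",
            "freezer", "clinic", "trial", "tracker", "certificate")

def refang(domain):
    """Normalise a defanged indicator such as name[.]com to name.com."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def label_of(domain):
    """Name without its final label (assumes a single-label TLD)."""
    return refang(domain).rsplit(".", 1)[0]

def matched_keywords(domain):
    """Return the article's keywords that occur in the domain name."""
    return [k for k in KEYWORDS if k in label_of(domain)]

def cluster_variants(domains, threshold=0.85):
    """Greedily group keyword-matching names that are near-identical,
    the pattern a bulk registration of lookalikes leaves in a feed."""
    clusters = []
    for name in sorted({refang(d) for d in domains if matched_keywords(d)}):
        for cluster in clusters:
            if any(SequenceMatcher(None, label_of(name), label_of(o)).ratio()
                   >= threshold for o in cluster):
                cluster.append(name)
                break
        else:
            clusters.append([name])
    return [c for c in clusters if len(c) > 1]   # singletons are not clusters

def tld_share(domains, tld="com"):
    """Fraction of keyword-matching names registered under the given TLD."""
    hits = [refang(d) for d in domains if matched_keywords(d)]
    return sum(h.endswith("." + tld) for h in hits) / len(hits) if hits else 0.0

# Sample feed: the three domains named in the article plus two constructed
# entries under the reserved .example TLD.
SAMPLE = ["covid19vaccinedistributors[.]com", "covid19vaccinedistributor[.]com",
          "covid19vaccinedistribution[.]com", "vaccinetracker.example",
          "gardening.example"]

if __name__ == "__main__":
    for cluster in cluster_variants(SAMPLE):
        print("review as one registration batch:", cluster)
    print(".com share of keyword matches:", tld_share(SAMPLE))
```

In a real feed, registration date and registrar would be compared alongside name similarity before treating a cluster as one batch.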
So what does all this tell us?
Due to increased interest in coronavirus-related topics, people visit such websites more often for information, services, and so on. Vaccine-related domains should be visited with extra care, as they may present phishing and other threats.