Security Concerns About Outburst Of COVID-19 Vaccine-Related Domain Names

The topic of COVID-19 vaccines has drawn much attention, including in the cybersecurity sector. Recently detected spikes in domain registration activity hint at a probable increase in phishing attacks.

When various countries started their vaccination campaigns in 2020, purchases of domains containing the word “vaccine” spiked sharply.

The trend was first noticed back in August 2020, when the Typosquatting Data Feed saw dozens of Sputnik-related domain names shortly after Russia’s announcement about the new Sputnik vaccine.

Similarly, the number of domains featuring the word “vaccine” increased by almost 100% in the month after the first Pfizer COVID-19 vaccine was administered to a patient.

Webroot, an American cybersecurity software company, observed that from December 8 through January 6, 94.8% more domain names with “vaccine” in them were registered compared with the previous month.

Within the last year, over 12,000 domains related to the COVID-19 vaccine were registered. Many were bought for legitimate reasons, but many others need to be treated with caution.

Using their own tool, the Newly Registered Domains (NRD) Database, researchers at CybercrimeMagazine found that 12,436 domain names containing the word “vaccine” were registered.

Other terms used in the domain names included vaccination, vaccinate, covid, coronavirus, freezer, clinic, trial, tracker, and certificate. Sixty-four percent of those domains were registered under the .com top-level domain. This may be an indication that the bad actors want to target mostly commercial domains. 

In fact, some of the vaccine-related domains have already been reported on VirusTotal for suspicious activities like phishing. For example, this group of domains was bulk-registered in August 2020:

  • covid19vaccinedistributors[.]com
  • covid19vaccinedistributor[.]com
  • covid19vaccinedistribution[.]com
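A defender can run the same kind of triage over a newly-registered-domain feed. The sketch below is an added example, not code from the article or from any of the tools it names: it matches the terms listed above, tallies TLDs, and groups near-identical names such as the three shown. The 0.9 similarity threshold, the last-dot TLD split and the filler feed entries are assumptions made for illustration.

```python
import difflib
from collections import Counter

# Terms the article lists as appearing in vaccine-related registrations.
KEYWORDS = ("vaccine", "vaccination", "vaccinate", "covid", "coronavirus",
            "freezer", "clinic", "trial", "tracker", "certificate")

def split_domain(name):
    """Refang and split into (label, tld). Naive: the last dot is taken as
    the TLD boundary; the Public Suffix List is not consulted."""
    name = name.strip().lower().replace("[.]", ".").rstrip(".")
    label, _, tld = name.rpartition(".")
    return label, tld

def matched_terms(label):
    return [k for k in KEYWORDS if k in label]

def cluster_lookalikes(labels, threshold=0.9):
    """Greedy grouping of labels whose similarity ratio meets the threshold.
    Near-identical names registered together suggest a bulk purchase."""
    clusters = []
    for label in sorted(set(labels)):
        for c in clusters:
            if any(difflib.SequenceMatcher(None, label, m).ratio() >= threshold
                   for m in c):
                c.append(label)
                break
        else:
            clusters.append([label])
    return [c for c in clusters if len(c) > 1]

def triage(feed):
    """Return (keyword hits, TLD tally, lookalike clusters). A hit is only a
    candidate for review; many such domains are registered legitimately."""
    hits = {}
    for raw in feed:
        label, tld = split_domain(raw)
        terms = matched_terms(label)
        if label and tld and terms:
            hits[f"{label}.{tld}"] = terms
    tlds = Counter(d.rpartition(".")[2] for d in hits)
    clusters = cluster_lookalikes([d.rpartition(".")[0] for d in hits])
    return hits, tlds, clusters

# Constructed feed: the three domains named in the article plus invented filler.
SAMPLE_FEED = [
    "covid19vaccinedistributors[.]com", "covid19vaccinedistributor[.]com",
    "covid19vaccinedistribution[.]com", "example-bakery.test",
    "vaccine-tracker.example", "garden-tools.example",
]
```

Calling `triage(SAMPLE_FEED)` returns four keyword hits, three of them under .com, and a single cluster containing the three bulk-registered names.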

So what does all this tell us?

Due to increased interest in coronavirus-related topics, people visit such websites more often for information, services, and so on. Vaccine-related domains should be visited with extra care, as they may present phishing and other threats.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.