The COVID-19 pandemic introduced novel incentives for adversaries to exploit the state of turmoil. As we have witnessed with the increase in for instance phishing attacks and domain name registrations piggybacking the COVID-19 brand name. In this paper, we perform an analysis at Internet-scale of COVID-19 domain name registrations during the early stages of the virus’ spread, and investigate the rationales behind them. We leverage the DomainTools COVID-19 Threat List and additional measurements to analyze over 150,000 domains registered between January 1st 2020 and May 1st 2020. We identify two key rationales for covid-related domain registrations. Online marketing, by either redirecting traffic or hosting a commercial service on the domain, and domain parking, by registering domains containing popular COVID-19 keywords, presumably anticipating a profit when reselling the domain later on. We also highlight three public policy take-aways that can counteract this domain registration behavior.
|Title of host publication||12th International Conference on Information and Communication Systems (ICICS)|
|Number of pages||8|
|Publication status||Published - 2021|