More than 6,000 Covid-19 and coronavirus-related web domains have been registered in the past week, security researchers say, with large numbers of them malign.
According to a report released by software company Check Point, in the past three weeks alone, more than 2,200 of these new sites were found to be suspicious and 93 were confirmed as malicious and dangerous to visitors.
Since the beginning of January, when the initial outbreaks were being reported, over 16,000 new coronavirus-related domains have been registered.
What Should You Be Looking Out For?
Many of the malign domains are trying to attract those panic-buying.
Two that have been found to be malicious are “buycoronavirusfacemasks.io” and “betacoronavirusvaccine.io”. (Dear readers, please don’t visit them…)
Many are delivering ransomware to endpoint devices. CovidLock is a typical example.
Covid-Lock seizes control of the device by luring the victim into enabling accessibility to up to date Covid-19 statistics. A lock screen will then appear with a message that threatens the wiping of their device unless they pay $300 in bitcoin.
Alex Guirakhoo, a strategy and research analyst at Digital Shadows outlined these dangers to Computer Business Review:
“Domain impersonation is rife and criminals will always seek to capitalise on a crisis. Domains can be bought for around a £1 or even less sometimes with likely no checks from the provider. Whilst many organisations will probably use a common top level domain such as .com .org or .gov, wannabee criminals could purchase something like “.io” and use this to lure unsuspecting people to a malicious website or use that domain for phishing exercises.
“Many of these malicious domains are impersonating the World Health Organisation and healthcare organisations. Domains like these can be used to spread misinformation, host phishing pages, impersonate legitimate brands, and sell fraudulent or counterfeit items”.
Scammers may use fake emails or texts to get you to share valuable personal info — like acct numbers, SSNs, or your login IDs and passwords. Here’s a real-world example of phishers pretending to be @WHO. Learn more: https://t.co/8DShYHJJnY #Coronavirus #COVID19 5/8 pic.twitter.com/RtL9EJBSsY
— FTC (@FTC) March 19, 2020
Where do Threat Actors Get the Tools?
The dark web has also been alive with coronavirus related activity. Special offers by different hackers promoting their goods, usually malicious malware or exploit tools, are being sold over the dark net under offers with COVID-19 or coronavirus as discount codes, targeting wannabe cyber-attackers.
Examples of these were released by cybersecurity company Digital Shadows yesterday. One reads: “Corona Virus Discount! 10% off ALL products” another showcasing goods at special rates called “WinDefeder bypass” and “Build to bypass email and chrome security”.
In the past month alone, there has been a 738 percent increase in the number of COVID-19-related terms on dark web sources.