
Domain Registries Ramp Up Fight Against Malicious Coronavirus Sites, Following 11,309 Registrations

"COVID" and "coronavirus" domain registrations have surged

By Claudia Glover

Europe’s .eu domain registry manager says it is rolling out tough new systems designed to “prevent the registration of suspicious domain names”.

EURid, which works with 700 registry managers globally to let EU residents or citizens register .eu, .ею or .ευ domains, is baking the checks into its Abuse Prevention and Early Warning System (APEWS) in a bid to fight fraud and cybercrime.

The move comes after security researchers identified over 6,000 COVID-19 or coronavirus-related domains being registered in a single week. (Digital Shadows told Computer Business Review this week that 11,309 domains had been registered using the words “coronavirus” or “covid” since early January.)

EURid will search new registrations for those with a pandemic-related word. Those identified as having one will be “required to validate their data and to submit a statement confirming that their domain was registered in ‘good faith’”.

It was not immediately clear what EURid meant by “validate”.

Cyber Threat Intelligence Team Lead at Digital Shadows Dr Jamie Collier explained the action undertaken by EURid further:

“Threat actors have attempted to capitalise on the public interest and concern in COVID-19 by registering domain names that contain keywords related to the pandemic. These are then used to either host malicious websites or distribute pandemic-themed phishing emails.


“The measures unveiled by EURid are an attempt to prevent enticing COVID-19 domains from ending up in the wrong hands. This has included the introduction of a more rigorous vetting process around the individuals and organisations registering COVID-19 themed domain names”.


These added checks will be applied to both existing registrations and newly registered domains, and will be implemented until the end of the second quarter of 2020 with the possibility of continuation, subject to a quarterly review by the European Commission.

Suspect domains, meanwhile, will be suspended, and any services linked to them, such as a website or email, will not function until the domain has been manually reviewed by EURid. The registry manager will then ask the registrant to confirm their application data and to submit evidence of their identity.

Other Registrars are Undertaking the Same Measures

UK domain registrar Nominet suspended 600 suspicious coronavirus websites in the first quarter of 2020. This spike in malicious activity has led it to apply the same level of scrutiny as EURid to domains containing coronavirus keywords.

Nominet uses algorithms to seek out attempted registrations of potentially malicious domains linked to coronavirus, and then manpower to evaluate the registrants, contacting them in person where necessary.

The Internet Corporation for Assigned Names and Numbers (ICANN), meanwhile, has announced that, in light of the pandemic, it will be invoking the 2012 Registrar Accreditation Agreement for a second time, which allows registrars to keep their domain without renewing their registration.

This will help prevent malicious domain registrations by keeping domains that are potentially attractive to threat actors off the market if they expire.

Dr Jamie Collier, Cyber Threat Intelligence Team Lead at Digital Shadows, said: “Organisations remain largely responsible for detecting and blocking phishing emails targeting their network. This is typically done through a combination of security controls and phishing awareness campaigns.

“However, domain name registrars can still play an important role in complementing these organisation-led efforts. EURid’s refreshing approach will help limit the growth of the COVID-19 phishing ecosystem. The new measures introduced highlight how a variety of stakeholders can actively contribute to improving cyber security.”
