CSC research finds third parties continue to lay the groundwork for malicious activity across thousands of COVID-related domains

Wilmington, Delaware, USA:

CSC, a global leader in business, legal, tax and domain security, today announced key findings from its new report, which found that nearly 500,000 web domains have been registered since January 2020 containing key terms related to COVID. Many of these web domains can pose threats to brands and consumers due to their registration habits and behaviors. This research is part of CSC’s latest report, “Two Year Analysis: The Impact of COVID-19 on Internet Security and Safety”.

This press release is multimedia. Read the full press release here:

(Graphic: Business Wire)

Report findings are collated using CSC’s new DomainSecSM platform, which connects newly registered, abandoned and existing domain names, online brands and fraud (phishing). DomainSec is the first of its kind to provide a holistic approach to securing and defending brands’ domain portfolio ecosystems. It uses proprietary technology combined with machine learning, artificial intelligence, and clustering technology to generate invaluable security insights to help thwart brand abuse and cybersecurity incidents.

CSC identified a peaks and valleys (heuristics) pattern with associated increases in domain registrations whenever there was a significant COVID-related news event. More recently, the appearance of Omicron has seen additional disturbing behavior. While nearly 1,200 domains registered in 2021 included Omicron as a keyword, 832 (70%) were registered within two weeks between November 26 and December 9, with many domains causing misdirection and redirection traffic, soliciting donations or promoting cryptocurrency investments.

In addition, CSC also assessed domain registration behavior associated with websites using the brand names Pfizer, Moderna, Johnson & Johnson, Centers for Disease Control and Prevention, US Food and Drug Administration, and World Health Organization and their permutations as they appear in the URL. CSC found that 80% of the 350 domains containing these names were registered with third parties. Half of the domains published no web content and were deemed inactive; Cybercriminals have been known to use dormant domains as a strategy, activating them just when they are ready to launch an attack campaign. Of inactive domains, of most concern is that nearly 33% are configured to send and receive email with active MX records, which can provide malicious actors with a launching pad to carry out malicious attacks against brands and consumers through phishing or malware attacks.

“At CSC, we believe that domain security intelligence is power. The surge in COVID-related domain registrations over the past two years shows how bad actors take advantage of major public events,” says Ihab Shraim , Chief Technology Officer of Digital Brand Services at CSC, “In today’s digital economy, domain name-related cybercrime is growing exponentially and impacting organizations, customers, partners and the connected internet supply chain.Through our state-of-the-art DomainSec platform, key decision makers can gain accurate domain security insights that analyze and mitigate threat vectors targeting their domain name portfolios and associated online brands .

To access the full report and additional details, visit our website.

About CSC

CSC is the trusted supplier of choice for the Forbes Global 2000 and Top 100 Global Brands® in enterprise domain names, domain name system (DNS), digital certificate management, as well as digital brand and fraud protection. As global enterprises invest heavily in their security posture, CSC can help them understand known cybersecurity blind spots and help secure their digital assets and online brands. By leveraging CSC’s proprietary technology, businesses can strengthen their security posture to protect against cyber threat vectors targeting their online assets and brand reputation damage, helping them avoid a devastating loss of revenue. and significant financial penalties due to policies such as the General Data Protection Regulation (GDPR). CSC also provides online brand protection – the combination of online brand monitoring and enforcement activities – taking a holistic approach to digital asset protection, as well as fraud protection services for fight against phishing. Based in Wilmington, Delaware, USA, since 1899, CSC has offices in the USA, Canada, Europe and the Asia-Pacific region. CSC is a global company that can do business wherever its customers are, and we do this by employing experts in every business we serve. Visit

Comments are closed.