The coronavirus pandemic has also impacted the domain industry: every day more new coronavirus-related domains are registered in various domain zones. It was reported at that from January to March 5, 2020 about 4,000 domain names related to the coronavirus or pandemic were registered. To date, hundreds and even thousands of coronavirus-related domains are being registered every single day, with part of them leading to fraudulent or malicious websites.
This trend can also be seen in Russia. For example, from January 1 to March 27, 2020, 1,310 and 324 domain names with keywords “corona,” “covid,” “virus,” “корона,” “ковид,” and “вирус” were registered in .RU and .РФ, accordingly. All told, there are 1,634 such domain names in the Russian ccTLDs.
The picture shows that the coronavirus-related domain registrations in .RU and .РФ peaked on March 17 and 18. The Schengen zone closed its border precisely on March 17, and on that same day Moscow announced that all the schools would be put under quarantine until April 12. Any events with 50 or more people would be banned, while Russia closed its borders for foreigners’ entry until May 1. It is the first time ever that Russians have had to face such unprecedented safety measures, and, as expected, a lot of domain names on this very topic have surfaced in the Russian domain space. It is noteworthy that on March 25, when President Vladimir Putin addressed the nation, there was no spike in registration activity. It can be well seen in .RU: it looks like there are no more opportunities to register such domain names there.
Of course, most of these domain names lead to resources that help to counter the pandemic, such as стопкоронавирус.рф with the latest information on the spread of the coronavirus in Russia and the measures being taken; мывместе2020.рф, where everyone can offer help, become a volunteer or learn something useful (over just two days since its launch over 700 companies and organizations offered their help during the coronavirus pandemic); or доступвсем.рф on free online services, and many others. However, there may be fraudulent websites among the coronavirus-related ones.
This can be seen from the data published by Reuters. For example, according to Alexander Urbelis, cybersecurity expert from Blackstone, a legal group based in New York monitoring suspicious domain registration activities on the internet, a malicious website was found in mid-March, which imitated the internal WHO email system. “It was a direct attack against the World Health Organization in the middle of the pandemic,” Urbelis said. The WHO’s cybersecurity experts confirmed that this website was used for an attempt to steal passwords from several employees.
According to Urbelis, his firm is monitoring up to 2,000 coronavirus-related websites on a daily basis, and many of them are clearly malicious. “I have never ever seen anything quite like it,” he adds.