Regular monitoring of the .RU and .РФ national domain register conducted by the Coordination Center for TLD .RU/.РФ shows that the number of registrations related to COVID-19 and containing the epidemic has been on the decline. The purpose of the research is to identify suspicious domain names and reduce the harm they could cause, through cooperation with competent organizations.
Over the past week, the .RU domain has added 101 “corona domains,” and .РФ added 18, for a total of 119 domain names, which is significantly lower than the previous week’s number, when 167 coronavirus-related domains were registered in .RU and .РФ.
Over the entire monitoring period (January 1 to May 27, 2020), the list of domain names containing words like “сorona,” “covid,” “pandemia,” “корона,” “ковид,” “пандемия” and others has gained 3,472 new domain names in .RU and 785 in .РФ. The total number of coronavirus-themed registrations in the Russian national domains since January has now reached 4,257.
The number of domain names related to the child support currently provided by the government because of the pandemic also remains low. Only 4 domain names have been registered in the past week, all in .RU. In total, there are 66 domain names featuring such words as “выплата,” “vyplata,” “пособие,” and “posobie” (all meaning “benefits” in Russian) in the Russian country-level domains (16 in .РФ and 50 in .RU).
Kaspersky Lab, a competent organization and participant in the Coordination Center’s Netoscope research and development project, flagged 1,856 coronavirus-related domain names (1,558 in .RU and 298 in .РФ) and 6 domain names in .РФ related to child benefits as being a potential data loss threat in its cybersecurity products. The number of flagged domains has increased by 5 since the previous check.
Internet security experts issued the following recommendations to those who want to protect their devices against cybercriminals now during the pandemic and in the future. Each device that has access to the internet must have antivirus software installed on it. You should never enter your account credentials or online banking information on websites that do not support encrypted data transfer (the URLs of those that support encryption start with “https://”). Always check domain names for typos, and never open executable files (.exe) from spam emails. Users should only rely on official sources when searching for information about the coronavirus (in Russia it is стопкоронавирус.рф).
If you came across a scam website, read our guidelines here.
