On July 7, a meeting called “The coronavirus in domains: How the internet survived the lockdown” organized by the Coordination Center for TLD .RU/.РФ with support from ICANN took place at RIF.Online. The participants discussed the results of shifting to remote work: inevitable cyberthreats, the rate of coronavirus-related domain registrations, the peak in internet crime and new methods for social engineering during the pandemic.
The meeting was opened by Coordination Center Director Andrei Vorobyov.
“The COVID-19 pandemic has resulted in a large spike in the use of internet technologies in everyday life. And, of course, the load on the entire internet infrastructure: for example, telecommunications operators had to decrease the quality of the traffic to deliver it to users, because many operators’ traffic volumes tripled this spring. Unfortunately, the number of internet crimes has increased too, as well as the number of websites with malicious activity. We have noted significant growth in thematic domain registrations in the industry,” Andrei Vorobyov noted. He also spoke about the work of Coordination Center experts, competent organizations and accredited registries in reviewing the Central Bank’s proposed amendments to the Federal Law on Information, Information Technologies and Information Protection and called for further work on improving Russian users’ digital hygiene.
Mikhail Anisimov (ICANN) talked about how global internet infrastructure has taken on the growing load on key components as a result of the massive shift to remote work.
“The biggest problem that users all over the world are facing during the pandemic is the enormous amount of phishing. Moreover, this problem is not only technical, but also largely social. The lack of awareness of events, fears and concerns – all this played into the hands of fraudsters,” said Mikhail Anisimov. He analyzed the rate of coronavirus-related registrations in the top-level domain zones, including Cyrillic. According to ICANN, more than 70,000 such names were registered from the beginning of March to the end of May, and more than 6,000 of them turned out to be malicious. This has changed domain registration policy: some registries have introduced domain pre-moderation, and ICANN has launched the special Asclepius project to pre-analyze and identify potentially dangerous domains. Anisimov noted that the Coordination Center for TLD .RU/.РФ took part in this project and quickly responded to requests on Russian national domains.
The pandemic significantly affected the DNS system, which was the main theme of Pavel Khramtsov’s report (MSK-IX). He talked about the experience of ZSK rotation in the root zone and ccTLDs zones during the pandemic, which could not be called successful: the process requires the presence of crypto-officers in person, and due to the lockdown introduced in most countries it was not possible to ensure participation. He also noted that during the pandemic, the “chemistry of knowledge transfer” from one IT specialist to another was lost.
Olga Baskakova (Coordination Center for TLD .RU/.РФ) described how.RU and .РФ survived the lockdown: the rate of coronavirus-related registrations in ccTLDs, related organizations’ work during the pandemic, and international practices to counter malicious domains.
“The number of coronavirus-related domains started increasing in March and peaked on March 17 with 177 coronavirus-related registrations in .RU and .РФ in one day. Today we can see a significant drop in such registrations, and we hope there will be no second wave,” Olga Baskakova. She also noted the Coordination Center’s hard work to prevent malicious activity in ccTLDs in cooperation with competent organizations. In June alone, experts from 10 current organizations notified registries of 1,200 suspicious domain names.
Kaspersky Lab played a special role: they checked almost 2,500 domains in the Russian ccTLDs sent for confirmation following Coordination Center monitoring. About 1,800 domains were deemed “unreliable” and flagged for the threat of data loss. Kaspersky Lab’s Sergei Golovanov noted in his speech that recent trends showed that the total number of cyberthreats continued to decrease. For example, according to Kaspersky Lab, the possibility of coming across malicious activity on the Russian internet is about 20 percent, while in 2012, when the Netoscope project was launched, it was 75 percent.
“However, the pandemic forced adjustments, and the number of cyberthreats increased sharply around the world in the spring,” Golovanov said. During the lockdown, there was a surge in the number of attacks and fraudulent websites: the number of detected DDoS attacks increased by 80 percent, fraudulent phone calls by 25 percent, and 75 percent of pandemic webpages were blocked by Kaspersky Lab as fraudulent. According to Sergei Golovanov, this is temporary, and the general trend will remain the same: the level of cyber risk will continue to drop.