A 93% increase in malicious COVID-related domains created using the word ‘Travel’ has been detected in the first three months of 2021 by threat intelligence firm Webroot.

Analysis from its real-time anti-phishing protection system demonstrated that cyber-criminals have increasingly sought to leverage the topic of international travel amid the rapid rollout of COVID-19 vaccines this year. Debates surrounding the resumption of foreign travel and the use of vaccine passports have been a major source of news headlines in the first few months of 2021, and malicious actors appear to have responded in kind.

Compared to the previous 30 rolling days, Webroot said there was a 79% increase in the word ‘Passport’ in malicious COVID-related domains in March 2021. This represents an enormous 3900% increase compared to June 2020.

Additionally, from February 22, which was the date the UK Prime Minister Boris Johnson announced the lockdown easing roadmap, a 169% rise in malicious domains using common travel/holiday search terms including ‘weekend break’, ‘cheap’ and ‘last minute’ was detected.

Interestingly, malicious domains created using the word ‘testing’ or ‘toolkits’ fell by 71% between January 1 and March 29 2021.

The findings further demonstrate how cyber-criminals have continuously adapted to new developments throughout the pandemic to launch phishing and domain spoofing attacks. Other examples include the sales of PPE equipment, government financial relief programs and vaccines.

Nick Emanuel, senior director of product at Webroot, commented: “The length and duration of the pandemic has allowed hackers an extended opportunity to hone and craft their domains. The language used in these malicious domain names is highly reflective of current trends, and key events like travel bans introduced globally have a direct impact on how hackers create resources to trick people.”

He added: “Similarly, the decrease in terminology related to ‘testing’ and ‘testkit’ correlates with the introduction of a comprehensive school testing regime in the UK and we believe the strong supply and ease of obtaining a test has cut down opportunities for scammers on this specific topic. Both examples demonstrate how cyber-criminals are carefully grooming news and creating domains that will have a higher percentage of hits.”

Leave a Reply