Attackers Will Always Abuse Major Events in our Lives
All major events in our daily life are potential sources of revenue for attackers. When elections or major sports events are organized, attackers will surf on these waves and try to make some profit or collect interesting data (credentials). It's the same with major meteorological phenomena. The hurricane "Ida" was the second most intense hurricane to hit the state of Louisiana on record, only behind "Katrina"[1].
I had a quick look at the recently created domains in the ".com" TLD. First I searched for domains that contain the word "hurricane":
Registrations compared to previous months:
Month | Registrations |
August | 109 |
July | 102 |
June | 66 |
May | 63 |
Now let's have a look at registrations based on "hurricane" and "ida":
Month | Registrations |
August | 15 |
July | 0 |
June | 0 |
May | 0 |
Here is the list of domains registered in August:
hurricaneidahelp.com hurricaneidarelief.com hurricaneidafund.com hurricaneida2021.com hurricaneidaclaim.com hurricaneidadamage.com hurricaneidarecovery.com hurricaneidaadjuster.com hurricaneidalaw.com hurricaneidalawyers.com hurricaneidamoney.com hurricaneidapublicadjusters.com hurricaneidapublicadjusting.com idahurricane.com idahurricaneclaims.com
I did a quick check on those domains. Most of them are still parked at this time (they don't serve any content); another one redirects to a lawyer's company pretending to help you get your money back in case of an accident.
Please be careful when looking for information about such major events. Always cross-check the domain reputation to avoid problems.
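The monthly keyword counts shown in the tables above can be reproduced over any feed of newly registered domains. The following is an added example, not the author's tooling: the feed entries, the `.example` names, their dates, and the `SUPERSTRINGS` list are all constructed, and the "strict" mode (ignoring "ida" when it only appears inside words such as "florida") is an added refinement to avoid false positives from plain substring matching.

```python
from collections import Counter

# Constructed sample feed: (domain, registration date YYYY-MM-DD). Not real data.
SAMPLE_FEED = [
    ("hurricaneidarelief.example", "2021-08-30"),
    ("idahurricaneclaims.example", "2021-08-31"),
    ("hurricane-ida-fund.example", "2021-08-29"),
    ("HurricaneIdaLaw.example.", "2021-08-31"),
    ("floridahurricaneshutters.example", "2021-07-12"),
    ("hurricanegrill.example", "2021-06-03"),
    ("idahopotatoes.example", "2021-08-02"),
]

# Benign words that contain a keyword as a substring (assumption for this example).
SUPERSTRINGS = {"ida": ("florida", "idaho")}


def label(domain):
    """Lower-case name with the TLD, trailing dot and hyphens removed."""
    name = domain.lower().rstrip(".")
    return name.rsplit(".", 1)[0].replace("-", "")


def matches(domain, keywords, strict=True):
    """True if every keyword occurs in the domain label.

    In strict mode, known benign superstrings are blanked out first, so
    "florida" alone does not count as a hit for "ida".
    """
    text = label(domain)
    for kw in keywords:
        probe = text
        if strict:
            for word in SUPERSTRINGS.get(kw, ()):
                probe = probe.replace(word, " ")
        if kw not in probe:
            return False
    return True


def monthly_counts(feed, keywords, strict=True):
    """Count matching registrations per month (YYYY-MM), newest month first."""
    counts = Counter(reg[:7] for dom, reg in feed if matches(dom, keywords, strict))
    return dict(sorted(counts.items(), reverse=True))


if __name__ == "__main__":
    print("hurricane:", monthly_counts(SAMPLE_FEED, ("hurricane",)))
    print("hurricane+ida:", monthly_counts(SAMPLE_FEED, ("hurricane", "ida")))
    print("naive:", monthly_counts(SAMPLE_FEED, ("hurricane", "ida"), strict=False))
```

On the constructed feed, the naive substring match counts the July "florida" domain as an Ida-themed registration, while the strict match does not.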
[1] https://en.wikipedia.org/wiki/Hurricane_Ida
Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant
Comments
Anonymous
Sep 6th 2021
to search for a keyword: https://isc.sans.edu/api/recentdomains/today/keyword?json (just replace "keyword" with your keyword like "hurricane")