As an Internet intelligence provider, we constantly keep track of domain registration trends and Domain Name System (DNS) activities. The central premise is that DNS patterns can help shape future security practices and protect the global cyber community. For example, a surge in branded domain registrations can help inform anti-phishing and brand protection strategies.
We identified six notable domain registration drivers for the second quarter of this year. We published a detailed report here. An overview of our key findings and takeaways is found below.
As Mother’s Day and Father’s Day were celebrated in multiple countries on 8 May and 19 June, the DNS also detected significant activities related to the events. Moreover, we noticed that more than 190 celebration-themed Q2 domains had already figured in malicious activities.
The Mother’s Day-themed domain registration peaked a week before the event. Interestingly, it also experienced a slight increase during the week ending 21 May 2022. The Father’s Day-related domains followed a similar trend, surging a week before the event. These patterns are shown in the chart below.
The .mom top-level domain (TLD) extension also rode the Mother’s Day tide, surpassing the volume of event-themed domains under other TLD extensions.
The U.S. tax deadline was set on 18 April 2022, but the tax season started on 24 January 2022. We detected a steady stream of relevant domain registrations each month, although February, March, and May had comparatively more registrations.
Some may find the trend normal since tax filing is a serious matter for everyone, and there may be several professionals offering related services online. However, we found that an alarming 12% of the Q2 tax-themed properties were malicious. They have already been used in phishing, scams, spamming, and other nefarious activities. To provide some perspective as to how these domains can easily lure victims in, some examples of malicious tax-related domains are:
News-Related
One significant news that disrupted the Internet in Q2 was the Elon Musk-Twitter deal. Twitter accepted the offer on 25 April 2022, which was immediately mirrored in the DNS. The number of domains containing “Elon Musk” and “Twitter” increased during the week ending 30 April 2022.
Threat actors immediately put the domains into action, with 3% of the properties flagged as malicious by the quarter’s end.
World Events
The Ukraine-Russia war remained a top global event and domain registration driver in Q2 2022. The number of relevant domains peaked in March and declined throughout Q2, although it still exceeded pre-war levels as seen in the chart below. Dozens of domains containing the names of the countries alongside words like “aid” and “donate” have been flagged as malicious.
Blockchain
We’ve been tracking domain registrations related to top cryptocurrencies since last year. In Q2 2022, we added non-fungible tokens (NFTs) and decentralized finance platforms (NFT) to our monitoring.
The cybersquatting domains were mostly added during the first two weeks of April, and registrations were erratic throughout the remainder of the quarter. Still, these blockchain technologies accounted for more than 880 registrations per week, and any of them could be used by scammers, fraudsters, phishers, and other threat actors. In fact, 2% of the Q2 blockchain-themed domains have already figured in malicious activities.
Industry-Related
Some domain registrations can belong to a specific industry, such as those related to car dealerships and social media platforms. In Q2, we detected a persistent stream of domains containing the names of the most-visited e-commerce platforms. You can see the cybersquatting trend throughout the quarter in the chart below.
Hundreds of the Q2 online shopping-themed domains have already been used in malicious campaigns.
—
While threat actors can weaponize any domain, properties under these registration drivers can more effectively lure victims since they are more targeted. Therefore, detecting domain registration trends and themes can help warn Internet users about possible vehicles for phishing, scams, spamming, fraud, and other cyber attacks.
You may contact us if you're interested in the domain registration trends tackled in this post. We are also open to research collaborations.