[SANS ISC] Attackers Will Always Abuse Major Events in our Lifes, (Thu, Sep 2nd)

All major events in our daily life are potential sources of revenue for attackers. When elections or major sports events are organized, attackers will surf on these waves and try to make some profit or collect interesting data (credentials). It’s the same with major meteorological phenomena. The hurricane “Ida” was the second most intense hurricane to hit the state of Louisiana on record, only behind “Katrina”[1].

I had a quick look at the recently created domains in the “.com” TLD. First I searched for domains that contain the word “hurricane”:

Registrations compared to last months:

Month
Registrations

August
109

July
102

June
66

May
63

Now let’s have a look at registrations based on “hurricane” and “ida”:

Month
Registrations

August
15

July
0

June
0

May
0

 
 

Here is the list of domains registered in August:

hurricaneidahelp.com
hurricaneidarelief.com
hurricaneidafund.com
hurricaneida2021.com
hurricaneidaclaim.com
hurricaneidadamage.com
hurricaneidarecovery.com
hurricaneidaadjuster.com
hurricaneidalaw.com
hurricaneidalawyers.com
hurricaneidamoney.com
hurricaneidapublicadjusters.com
hurricaneidapublicadjusting.com
idahurricane.com
idahurricaneclaims.com

I did a quick check on those domains. Most of them are still parked domains at this time (they don’t serve any content), another one is a redirect to a lawyer’s company pretending to help you to get your money back in case of an accident.

Please be careful when looking for information about such major events, always cross-check the domain reputation to avoid problems.

[1] https://en.wikipedia.org/wiki/Hurricane_Ida

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

Daily NCSC-FI news followup 2020-12-09

Hackers steal Pfizer/BioNTech COVID-19 vaccine data in Europe, companies say www.reuters.com/article/us-ema-cyber/hackers-access-biontech-pfizer-covid-19-vaccine-data-in-cyberattack-on-eu-regulator-idUSKBN28J2Q7 The European Medicines Agency (EMA), responsible for assessing and approving medicines and vaccines for the European Union, said hours earlier it had been targeted in a cyberattack. It gave no further details.. The two companies said they had been informed by the EMA that […]

Read More

[ZDNet] Artwork Archive cloud storage misconfiguration exposed user data, revenue records

All posts, ZDNet

An unsecured bucket exposed PII and sales information. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Firewalla launches Purple: Its must-have network security device

All posts, ZDNet

The $319 gadget will secure your network connections at home or on the road. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.