Attackers Will Always Abuse Major Events in our Lives

Published: 2021-09-02
Last Updated: 2021-09-02 07:12:41 UTC
by Xavier Mertens (Version: 1)

All major events in our daily life are potential sources of revenue for attackers. When elections or major sports events are organized, attackers will surf on these waves and try to make some profit or collect interesting data (credentials). It's the same with major meteorological phenomena. The hurricane "Ida" was the second most intense hurricane to hit the state of Louisiana on record, only behind "Katrina"[1].

I had a quick look at the recently created domains in the ".com" TLD. First I searched for domains that contain the word "hurricane":

Registrations compared to previous months:

| Month | Registrations |
|--------|---------------|
| August | 109 |
| July | 102 |
| June | 66 |
| May | 63 |

Now let's have a look at registrations based on "hurricane" and "ida":

| Month | Registrations |
|--------|---------------|
| August | 15 |
| July | 0 |
| June | 0 |
| May | 0 |

Here is the list of domains registered in August:


I did a quick check on those domains. Most of them are still parked domains at this time (they don't serve any content); another one is a redirect to a lawyer's company pretending to help you get your money back in case of an accident.

Please be careful when looking for information about such major events, and always cross-check the domain reputation to avoid problems.
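The keyword search over newly registered domains described above can be reproduced with a small script. This is an added example, not the author's tooling: the `date,domain` feed format, the function names, and the benign-word list are assumptions, and the sample feed is constructed with reserved `.example` names. It also handles a pitfall of short event names: "ida" occurs inside unrelated words such as "florida" and "idaho".

```python
import csv
import io
import re
from collections import Counter

# Constructed sample feed (registration date, domain); not real registrations.
SAMPLE_FEED = """\
2021-07-14,hurricaneshutters.example
2021-07-30,floridahurricaneprep.example
2021-08-27,hurricaneidaaid.example
2021-08-29,ida-hurricane-claims.example
2021-08-30,hurricanewindowsidaho.example
2021-08-30,bestpizza.example
"""

# Assumption: words that contain the short event name only by coincidence.
BENIGN_WORDS = ("florida", "idaho", "holiday", "validate")


def contains(label, keyword, benign=BENIGN_WORDS):
    """True if keyword occurs in label outside every benign-word occurrence."""
    for m in re.finditer(re.escape(keyword), label):
        covered = any(
            b.start() <= m.start() and m.end() <= b.end()
            for word in benign
            for b in re.finditer(re.escape(word), label)
        )
        if not covered:
            return True
    return False


def monthly_matches(feed_text, keywords):
    """Return (month -> count, matching domains) for names containing ALL keywords."""
    counts, hits = Counter(), []
    for row in csv.reader(io.StringIO(feed_text)):
        if len(row) != 2:
            continue  # skip blank or malformed feed lines
        date, domain = row[0].strip(), row[1].strip().lower()
        # Drop the TLD and hyphens so "ida-hurricane" matches like "idahurricane".
        label = domain.rsplit(".", 1)[0].replace("-", "")
        if all(contains(label, k) for k in keywords):
            counts[date[:7]] += 1  # bucket by YYYY-MM
            hits.append(domain)
    return counts, hits


if __name__ == "__main__":
    for kws in (["hurricane"], ["hurricane", "ida"]):
        print(kws, *monthly_matches(SAMPLE_FEED, kws))
```

Names that match all keywords are only candidates for review; as noted above, a reputation check on each domain is still needed.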

[1] https://en.wikipedia.org/wiki/Hurricane_Ida

Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant