TY - GEN
T1 - Identifying and Characterizing COVID-19 Themed Malicious Domain Campaigns
AU - Xia, Pengcheng
AU - Nabeel, Mohamed
AU - Khalil, Issa
AU - Wang, Haoyu
AU - Yu, Ting
N1 - Publisher Copyright: © 2021 ACM.
PY - 2021/4/26
Y1 - 2021/4/26
N2 - Ever since the beginning of the outbreak of the COVID-19 pandemic, attackers acted quickly to exploit the confusion, uncertainty and anxiety caused by the pandemic and launched various attacks through COVID-19 themed malicious domains. Malicious domains are rarely deployed independently, but rather almost always belong to much bigger and coordinated attack campaigns. Thus, analyzing COVID-themed malicious domains from the angle of attack campaigns would help us gain a deeper understanding of the scale, scope and sophistication of the threats imposed by such malicious domains. In this paper, we collect data from multiple sources, and identify and characterize COVID-themed malicious domain campaigns, including the evolution of such campaigns, their underlying infrastructures and the different strategies taken by attackers behind these campaigns. Our exploration suggests that some malicious domains have strong correlations, which can guide us to identify new malicious domains and raise alarms at the early stage of their deployment. The results shed light on the emergency for detecting and mitigating public event related cyber attacks.
KW - Covid-19
KW - knowledge graph
KW - malicious campaigns
UR - http://www.scopus.com/inward/record.url?scp=85105007988&partnerID=8YFLogxK
U2 - 10.1145/3422337.3447840
DO - 10.1145/3422337.3447840
M3 - Conference contribution
AN - SCOPUS:85105007988
T3 - CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
SP - 209
EP - 220
BT - CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
T2 - 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021
Y2 - 26 April 2021 through 28 April 2021
ER -