In this time of collective fear and global turmoil, many government entities or health organizations are trying to coordinate with their communities about COVID-19 related topics. We at Quad9 applaud the efforts of governments and organizations around the globe trying to get relevant information to their local populations.
In times such as these, bad cyber-actors will also emerge. We’ve been alerted to a rise in phishing, malware, and ransomware attacks by a number of our Threat Intelligence Providers and by public sources such as EFF, IBM, and DomainTools. Rest assured, we are working to protect our global user base and add these malicious sites to our Block List as quickly as possible.
We have also seen a rise internally in the number of false-positive reports we are getting for sites related to COVID-19. False positives are sites that we get in our feed but turn out to be valid domains without nefarious content or intent.
If you are a valid site trying to provide information on COVID-19, there are some things you can do to protect yourself from getting caught up in the dangerous cyber-actor dragnet.
- Leverage your existing domain. It’s probably been around at least a few years. Don’t register a new one. Domains registered in the last 30 days tend to raise a warning bell, especially in a space where there is a lot of malicious activity like this one.
- Use a valid SSL certificate. Let’s Encrypt is free.
- Use the same authoritative name servers as you do for other domains that you own. Authoritative name servers are frequently checked when trying to determine if a site is malicious.
- If you decide to use a subdomain like ‘corona.example.net’, try to use the same authoritative name servers you have for ‘example.net’.
- If you set it up in the cloud and for some reason need to delegate authoritative DNS, work with your cloud provider to add a delegated subdomain.
- If at all possible (even if you have domain privacy settings at max), have a way to answer emails that come in through WHOIS queries to your abuse or technical contact. Threat Intelligence Providers could be trying to reach you to query you about your site.
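The list above can be turned into a self-check that a site operator runs over facts gathered from their own registrar, DNS and certificate. This is an added example, not Quad9's code and not a description of how any provider scores domains; the record fields, function names and sample data are hypothetical and constructed for illustration.

```python
from datetime import date

NEW_DOMAIN_DAYS = 30  # "registered in the last 30 days" from the list above

def norm(names):
    """Normalise DNS names: case-insensitive, no trailing root dot."""
    return {n.rstrip(".").lower() for n in names}

def cert_covers(host, san_names):
    """True if a SAN equals host or is a wildcard for its left-most label only."""
    host = host.rstrip(".").lower()
    parent = host.partition(".")[2]  # "" when host has no dot
    return any(s == host or s == "*." + parent for s in norm(san_names))

def preflight(site, today):
    """Return the list items that a site record (hypothetical layout) fails."""
    findings = []
    age = (today - site["registered"]).days
    if age < NEW_DOMAIN_DAYS:
        findings.append(f"domain registered {age} days ago")
    if not cert_covers(site["host"], site["cert_sans"]) or site["cert_not_after"] < today:
        findings.append("certificate expired or does not cover host")
    # host_ns is None when the subdomain lives in the parent zone (no delegation).
    if site["host_ns"] is not None and norm(site["host_ns"]) != norm(site["parent_ns"]):
        findings.append("subdomain delegated to different name servers than parent")
    if not site["abuse_contact_monitored"]:
        findings.append("no monitored abuse/technical contact")
    return findings

# Constructed sample records; all names are reserved example domains.
TODAY = date(2020, 4, 1)
ESTABLISHED = {
    "host": "corona.example.net", "registered": date(2012, 6, 1),
    "cert_sans": ["*.example.net"], "cert_not_after": date(2020, 6, 1),
    "parent_ns": ["ns1.example.net.", "NS2.example.net."],
    "host_ns": ["ns2.example.net", "ns1.example.net"],
    "abuse_contact_monitored": True,
}
FRESH = {
    "host": "covid-info.example.org", "registered": date(2020, 3, 20),
    "cert_sans": ["www.example.org"], "cert_not_after": date(2020, 6, 1),
    "parent_ns": ["ns1.example.org"], "host_ns": ["ns-77.cloud.example"],
    "abuse_contact_monitored": False,
}

if __name__ == "__main__":
    for site in (ESTABLISHED, FRESH):
        print(site["host"], preflight(site, TODAY) or "no findings")
```

Name-server sets are compared after normalisation because the same server can appear with different case or a trailing dot depending on where the record was read.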
Check to see if your site is currently blocked here: https://quad9.net
Contact our support team if your site is currently blocked or you need additional info.