The United States has the largest number of malicious domains whose names are linked to the current coronavirus crisis, according to a new report.
With restrictive social distancing rules forcing workers around the world to work from home, cybercriminals have quickly adapted to the situation and redirected their attacks. By mid-April, Google had reported the daily distribution of more than 18 million COVID-19 malware and phishing emails.
Security researchers at Palo Alto Networks now say that, of the 1.2 million newly registered domain names containing keywords related to the COVID-19 pandemic between March 9 and April 26, more than 86,600 were identified as high-risk or malicious.
On average, just over 1,760 malicious COVID-19 domains were created daily during the analysis period, reports Palo Alto Networks. The keywords covered by the study include coronav, covid, ncov, pandemic, vaccine and virus.
Most of the high-risk or malicious domains (29,007) are in the United States, followed by Italy (2,877), Germany (2,564) and Russia (2,456). The majority of the domains (79.8%) were used for malware; phishing domains (20%) and command-and-control domains (0.2%) were also observed.
More than 56,200 newly registered domains were hosted by one of the four leading cloud service providers (CSPs): 70.1% (39,494) on Amazon Web Services (AWS), 24.6% on Google Cloud Platform (GCP), 5.3% on Microsoft Azure and 0.1% on Alibaba Cloud.
Of the 86,600 high-risk or malicious domains, 2,829 were hosted in public clouds: 79.2% on AWS, 14.6% on GCP, 5.9% on Azure and 0.3% on Alibaba. By using cloud resources, attackers can not only avoid detection but also intensify their attacks.
In its report of April 1, Cisco found that about 4% of the approximately 47,000 domains containing the word covid or corona were malicious. In addition to corona, virus and covid, popular keywords at the time included wuhan, clinic, laboratory, tests, self-test kits, shopping kits and hotline.
Researchers at Palo Alto Networks also found that some malicious domains resolved to multiple IP addresses, while some IP addresses were used by multiple domains.
This many-to-many mapping often occurs in the cloud through the use of Content Delivery Networks (CDNs) and can make IP-based firewalls ineffective, the researchers explain. Blacklisting an IP address on a Layer 3 firewall may fail to block traffic to or from a malicious domain, while unintentionally making many other benign domains unreachable.
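The effect of that many-to-many mapping on an IP blocklist can be measured before a rule is deployed. The following is an added example, not code from the Palo Alto Networks report; the passive-DNS records, verdict labels and function names are constructed for illustration and use reserved `.example` names and documentation IP ranges.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (domain, resolved IP, verdict).
RECORDS = [
    ("covid-relief-pay.example", "203.0.113.10", "malicious"),
    ("covid-relief-pay.example", "203.0.113.11", "malicious"),
    ("covid-relief-pay.example", "198.51.100.7", "malicious"),
    ("city-clinic.example",      "203.0.113.10", "benign"),
    ("school-lunch.example",     "203.0.113.10", "benign"),
    ("news-site.example",        "203.0.113.11", "benign"),
    ("ncov-tracker-app.example", "198.51.100.7", "malicious"),
]

def index(records):
    """Map each domain to the set of IPs it resolves to, and to its verdict."""
    ips_of, verdict_of = defaultdict(set), {}
    for domain, ip, verdict in records:
        ips_of[domain].add(ip)
        verdict_of[domain] = verdict
    return ips_of, verdict_of

def assess_ip_blocklist(records, blocked_ips):
    """Return (evading, collateral) for a proposed Layer 3 IP blocklist.

    evading:    malicious domains that keep at least one unblocked IP
    collateral: benign domains that lose at least one IP to the blocklist
    """
    ips_of, verdict_of = index(records)
    blocked = set(blocked_ips)
    evading = sorted(d for d, ips in ips_of.items()
                     if verdict_of[d] == "malicious" and ips - blocked)
    collateral = sorted(d for d, ips in ips_of.items()
                        if verdict_of[d] == "benign" and ips & blocked)
    return evading, collateral

def mixed_use_ips(records):
    """IPs serving both malicious and benign domains (shared CDN or cloud hosts)."""
    seen = defaultdict(set)
    for _, ip, verdict in records:
        seen[ip].add(verdict)
    return sorted(ip for ip, v in seen.items() if v == {"malicious", "benign"})

if __name__ == "__main__":
    evading, collateral = assess_ip_blocklist(RECORDS, {"203.0.113.10"})
    print("still reachable malicious domains:", evading)
    print("benign domains disrupted:", collateral)
    print("IPs shared by malicious and benign domains:", mixed_use_ips(RECORDS))
```

Blocking every IP in the sample closes the malicious domains but disrupts all three benign ones, which is why filtering on the domain name (DNS or URL layer) is the more precise control here.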
The COVID-19 pandemic has also led to an increase in the use of cloud computing technologies, with threats coming from both the cloud and its users. As Europol pointed out last week, cyber attacks, fraud and other activities targeting ordinary users are expected to continue in the long term.
With thousands of malicious domains appearing on the Internet every day, you need to protect every access point with continuous monitoring and automated threat prevention tools. However, cloud-based services or applications generally offer less transparency for users and make monitoring the network more complex, concludes Palo Alto Networks.
Ionut Arghire is the international correspondent for SecurityWeek.