Over 1,700 malicious coronavirus-themed domains are created every day, new research has found, and while only a small minority are hosted in public clouds, those domains are more likely to slip past some of the less-complex firewalls.
This is according to research conducted by Palo Alto Networks' threat intelligence team Unit 42, which analysed 1.2 million newly registered domain (NRD) names with keywords relating to the coronavirus pandemic, from 9 March to 26 April.
Of these, over 86,600 domains were categorised as risky or malicious by Palo Alto Networks' URL filtering, augmented by its AutoFocus product, the WHOIS domain database and IP geolocation.
Most of the malicious domains were hosted in the US with 29,007 domains, followed by Italy with 2,877, Germany with 2,564 and Russia with 2,456, according to a blog post by Jay Chen, senior cloud vulnerability and exploit researcher at Unit 42. In comparison, Australia held only 534 malicious domains.
The vast majority of the malicious domains contained malware, at 79.8 per cent. Phishing attempts were next at 20 per cent, and then command and control (C2) malware made up the last 0.2 per cent.
Only a small minority of the malicious domains, 2,829, were found to be hosted in public clouds. Of these, most were hosted by Amazon Web Services (AWS) at 79.2 per cent. Google Cloud Platform (GCP) had 14.6 per cent, Microsoft Azure had 5.9 per cent and Alibaba had just 0.3 per cent.
Chen hypothesised that higher prices and stringent screening and monitoring processes were likely the reasons so few malicious domains were being hosted in public clouds.
However, the threat from domains in public clouds shouldn't be underestimated.
"Threats originating from the cloud can be more difficult to defend because malicious actors leverage the cloud resources to evade detection and amplify the attack," Chen said.
The analysis conducted by Unit 42 found in some cases that multiple domains could resolve to a single IP address and a single domain could be associated with multiple IP addresses.
As both scenarios involve multiple connections, malicious actors can skirt IP blacklisting from layer-3 firewalls and could render safe domains unreachable in the process, while stronger layer-7 firewalls may be able to separate the bad domains from the good ones, Chen said.
He explained that the first scenario typically occurs when domains are hosted in a content delivery network (CDN), like Amazon Cloudfront or Cloudflare.
In a CDN, hundreds or thousands of domains in the nearby geographical location may resolve to the same IP of an edge server, Chen said.
CDNs reduce network latency and improve service availability by caching the static web content on edge servers.
However, because a malicious domain shares the same IPs as other benign domains in the same CDN, it also acts as a cover for malicious domains.
In our analysis, a Cloudflare IP 23.227.38[.]64 is associated with more than 150 risky or malicious domains. E.g., covid-safe[.]shop, cubrebocascovid[.]com, http://www.covidkaukes[.]lt, protection-contre-le-coronavirus[.]com. In the same dataset, more than 2,000 other benign domains also resolve to the same IP.
Meanwhile, the second scenario may arise when a domain has a set of redundant hosts that all serve the same content, or when the domain is hosted in a CDN, Chen said.
If a domain has multiple redundant hosts, a DNS will hold multiple A records for this domain, he said.
If a domain is hosted in a CDN, the domain can resolve to different IP addresses based on the client's location. The IP of the closest edge server is always returned when a client queries DNS servers for this domain.
In our analysis, the domain covid19-fr.johanrin[.]com resolves to 28 different IPs where each IP belongs to an Amazon CloudFront edge server. E.g., 52.85.151[.]68, 99.84.191[.]82, 13.249.44[.]82, 54.192.30[.]118.
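The blocking trade-off described above, as an added example that is not from the Unit 42 post: this Python sketch compares an IP blocklist with a hostname blocklist over constructed DNS data covering both scenarios. The domains, IPs, verdicts and function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: (domain, resolved IP, verdict). Reserved .example
# names and documentation IP ranges; not taken from the Unit 42 dataset.
RESOLUTIONS = [
    ("covid-relief.example", "203.0.113.10", "malicious"),   # shared CDN edge IP
    ("mask-shop.example", "203.0.113.10", "malicious"),
    ("bakery.example", "203.0.113.10", "benign"),
    ("clinic.example", "203.0.113.10", "benign"),
    ("covid-tracker.example", "198.51.100.1", "malicious"),  # one domain, many IPs
    ("covid-tracker.example", "198.51.100.2", "malicious"),
    ("covid-tracker.example", "198.51.100.3", "malicious"),
    ("news.example", "192.0.2.7", "benign"),
]

def build_indexes(resolutions):
    """Return (domain -> set of IPs, domain -> verdict)."""
    ips, verdict = defaultdict(set), {}
    for domain, ip, label in resolutions:
        ips[domain].add(ip)
        verdict[domain] = label
    return ips, verdict

def ip_blocklist_outcome(resolutions, blocked_ips):
    """Layer-3 view: the firewall decides on the destination IP alone."""
    ips, verdict = build_indexes(resolutions)
    blocked_ips = set(blocked_ips)
    # Benign domains that lose at least one address to the blocklist.
    collateral = {d for d, s in ips.items() if verdict[d] == "benign" and s & blocked_ips}
    # Malicious domains that still have at least one unblocked address.
    evaded = {d for d, s in ips.items() if verdict[d] == "malicious" and s - blocked_ips}
    return collateral, evaded

def hostname_blocklist_outcome(resolutions, blocked_domains):
    """Layer-7 view: the firewall decides on the requested hostname."""
    _, verdict = build_indexes(resolutions)
    collateral = {d for d in blocked_domains if verdict.get(d) == "benign"}
    evaded = {d for d, v in verdict.items() if v == "malicious" and d not in blocked_domains}
    return collateral, evaded

def shared_ip_report(resolutions):
    """Per IP, count distinct malicious and benign domains before blocking it."""
    report = defaultdict(lambda: {"malicious": 0, "benign": 0})
    for domain, ip, label in set(resolutions):
        report[ip][label] += 1
    return dict(report)

if __name__ == "__main__":
    print(ip_blocklist_outcome(RESOLUTIONS, {"203.0.113.10", "198.51.100.1"}))
    print(shared_ip_report(RESOLUTIONS))
```

Blocking the two observed IPs cuts off both benign sites on the shared edge address while the multi-IP domain stays reachable through its other addresses; the hostname blocklist has neither problem but only covers domains that have already been categorised.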
This research is the latest in a series of coronavirus-themed cybersecurity alerts.
Previous cybersecurity warnings preying on the fears of COVID-19 include scammers hijacking the Microsoft Office 365 and Adobe brands, text message scams, impersonation scams of local companies and international organisations, and fake antivirus software claiming to protect users from the biological virus.