Over 1,700 malicious coronavirus-themed domains are created every day, new research has found, and while only a small minority are hosted in public clouds, they're more likely to slip by some of the less-complex firewalls.
This is according to research conducted by Palo Alto Networks' threat intelligence team Unit 42, which analysed 1.2 million newly registered domain (NRD) names with keywords relating to the coronavirus pandemic, from 9 March to 26 April.
Of these, over 86,600 domains were categorised as risky or malicious according to Palo Alto Networks' URL filtering efforts, augmented by its AutoFocus product, the WHOIS domain database and IP geolocation.
Most of the malicious domains were hosted in the US with 29,007 domains, followed by Italy with 2,877, Germany with 2,564 and Russia with 2,456, according to a blog post by Jay Chen, senior cloud vulnerability and exploit researcher at Unit 42. In comparison, Australia held only 534 malicious domains.
The vast majority of the malicious domains contained malware, at 79.8 per cent. Phishing attempts were next at 20 per cent, and then command and control (C2) malware made up the last 0.2 per cent.
Only a small minority of the malicious domains, 2,829, were found to be hosted in public clouds. Of these, most were hosted by Amazon Web Services (AWS) at 79.2 per cent. Google Cloud Platform (GCP) had 14.6 per cent, Microsoft Azure had 5.9 per cent and Alibaba had just 0.3 per cent.
Chen hypothesised that higher prices and stringent screening and monitoring processes were likely the reasons so few malicious domains were being hosted in public clouds.
However, the threat from domains in public clouds shouldn't be underestimated.
"Threats originating from the cloud can be more difficult to defend because malicious actors leverage the cloud resources to evade detection and amplify the attack," Chen said.
The analysis conducted by Unit 42 found in some cases that multiple domains could resolve to a single IP address and a single domain could be associated with multiple IP addresses.
As both scenarios involve multiple connections, malicious actors can skirt IP blacklisting from layer-3 firewalls and could render safe domains unreachable in the process, while stronger layer-7 firewalls may be able to separate the bad domains from the good ones, Chen said.
He explained that the first scenario typically occurs when domains are hosted in a content delivery network (CDN), like Amazon CloudFront or Cloudflare.
In a CDN, hundreds or thousands of domains in the nearby geographical location may resolve to the same IP of an edge server, Chen said.
CDNs reduce network latency and improve service availability by caching the static web content on edge servers.
However, because a malicious domain shares the same IPs as other benign domains in the same CDN, it also acts as a cover for malicious domains.
In our analysis, a Cloudflare IP 23.227.38[.]64 is associated with more than 150 risky or malicious domains. E.g., covid-safe[.]shop, cubrebocascovid[.]com, http://www.covidkaukes[.]lt, protection-contre-le-coronavirus[.]com. In the same dataset, more than 2,000 other benign domains also resolve to the same IP.
Meanwhile, the second scenario may be the domain having a set of redundant hosts which all serve the same content, or it may also be in a CDN, Chen said.
If a domain has multiple redundant hosts, a DNS will hold multiple A records for this domain, he said.
If a domain is hosted in a CDN, the domain can resolve to different IP addresses based on the client's location. The IP of the closest edge server is always returned when a client queries DNS servers for this domain.
In our analysis, the domain covid19-fr.johanrin[.]com resolves to 28 different IPs where each IP belongs to an Amazon CloudFront edge server. E.g., 52.85.151[.]68, 99.84.191[.]82, 13.249.44[.]82, 54.192.30[.]118.
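The two scenarios above, worked through on constructed data to show what an IP blocklist does compared with a hostname-based policy. This is an added example, not code from Unit 42 or the article; the domains and addresses are placeholders from reserved documentation ranges and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (domain, resolved IP, verdict). All names and addresses
# are placeholders from reserved ranges (RFC 2606 / RFC 5737), not indicators.
RECORDS = [
    ("covid-shop.example", "192.0.2.10", "malicious"),   # shared CDN edge IP
    ("mask-deals.example", "192.0.2.10", "malicious"),
    ("bakery.example", "192.0.2.10", "benign"),
    ("school.example", "192.0.2.10", "benign"),
    ("covid-fr.example", "198.51.100.1", "malicious"),   # one domain, many IPs
    ("covid-fr.example", "198.51.100.2", "malicious"),
    ("covid-fr.example", "198.51.100.3", "malicious"),
    ("news.example", "203.0.113.5", "benign"),
]

def index(records):
    """Build both mappings: IP -> domains and domain -> IPs, plus verdicts."""
    by_ip, by_domain, verdict = defaultdict(set), defaultdict(set), {}
    for domain, ip, v in records:
        by_ip[ip].add(domain)
        by_domain[domain].add(ip)
        verdict[domain] = v
    return by_ip, by_domain, verdict

def ip_block_impact(records, blocked_ips):
    """Layer-3 blocklist: (benign domains cut off, malicious domains missed)."""
    _, by_domain, verdict = index(records)
    blocked = set(blocked_ips)
    # A domain is unreachable only if every IP it resolves to is blocked.
    unreachable = {d for d, ips in by_domain.items() if ips <= blocked}
    collateral = sorted(d for d in unreachable if verdict[d] == "benign")
    missed = sorted(d for d, v in verdict.items()
                    if v == "malicious" and d not in unreachable)
    return collateral, missed

def domain_block_impact(records):
    """Layer-7 policy keyed on hostname: blocks exactly the malicious names."""
    verdict = index(records)[2]
    return sorted(d for d, v in verdict.items() if v == "malicious")

def cohosting(records):
    """Per IP: (malicious, benign) domain counts, as on a shared CDN edge."""
    by_ip, _, verdict = index(records)
    return {ip: (sum(verdict[d] == "malicious" for d in ds),
                 sum(verdict[d] == "benign" for d in ds))
            for ip, ds in by_ip.items()}

if __name__ == "__main__":
    print(cohosting(RECORDS), ip_block_impact(RECORDS, ["192.0.2.10"]))
```

Blocking the shared edge address cuts off the benign co-tenants, while blocking a single address of the multi-IP domain leaves it reachable through the others.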
This research is the latest in a series of coronavirus-themed cybersecurity alerts.
Previous cybersecurity warnings preying on the fears of COVID-19 include scammers hijacking the Microsoft Office 365 and Adobe brands, text message scams, impersonation scams of local companies and international organisations, and fake antivirus software claiming to protect users from the biological virus.