Over 86,600 and counting… these domains stand ready to pounce on hapless victims who fall for phishing and malware traps.

Malicious Covid-19-themed domains have spread like wildfire in the cloud, ready to target unsuspecting users with coronavirus-related phishing and malware.

Furthermore, 250 such domains were found in Singapore, the highest number among ASEAN countries. This and other findings were reported by Unit 42, which is part of the Palo Alto Networks threat intelligence team.

For example:

  • 2,829 Covid-19-themed domains hosted in public clouds (AWS, Azure, GCP, Alibaba) were found to be risky or malicious. 
    • Nearly 80% of such domains are hosted in AWS:
      • AWS: 79.2%
      • GCP: 14.6%
      • Azure: 5.9% 
      • Alibaba: Less than 0.5% 
  • In total, over a seven-week period, more than 86,600 Covid-19-themed domains were classified as risky or malicious.
    • The US has the highest number of malicious domains, followed by Italy and Germany.
    • On average, 1,767 malicious Covid-19-themed domains are created daily.
    • The higher price and more rigorous screening/monitoring process are likely making malicious actors less willing to host malicious domains in public clouds.

The report’s authors noted: “Cyber threats are evolving rapidly and leveraging real-world events to deceive victims. With COVID-19 driving a surge in cloud adoption, we see not only attacks targeting the cloud users but also threats originating from the cloud. With thousands of malicious domains coming online every day, it is imperative to protect every endpoint with continuous monitoring and automatic threat prevention tools because cloud-hosted applications and services are exposed to the same threats as non-cloud endpoints.”

The problem becomes even more complicated, noted the researchers, when working in a multi-cloud environment. Due to the complexity of cloud management, user-induced misconfigurations cause the most security incidents. Concluding, the researchers felt that cloud-native security platforms (CNSPs) can help organizations monitor and secure resources across multiple cloud providers, workloads and hybrid cloud environments.