About 2,000 COVID-19 themed malicious domains are made live every day, claims a new study
Cybercriminals are increasingly exploiting public interest in the pandemic to spread malicious activity through spam campaigns and large numbers of malicious domains. Over 86,600 newly created domains related to the outbreak have been tagged as ‘risky’ or ‘malicious’. These findings come from the latest study by Palo Alto Networks’ Unit 42, produced in collaboration with RiskIQ and titled “COVID-19: Cloud Threat Landscape”.
Many attackers are successfully riding on the back of the pandemic by fooling people with fake relief-fund offers. According to the report, researchers found that 86,600 of nearly 1.2 million newly registered domains (NRDs) contain keywords related to COVID-19. More worrying still, many of them closely resemble legitimate domain names.
The Unit 42 team analyzed all new domain names containing keywords similar or related to the coronavirus. It found that the United States, Russia, Germany, and Italy hosted the most malicious COVID-19 domains, with the US topping the list at more than 29,000. On average, around 1,767 malicious domains were created daily between March 9, 2020 and April 26, 2020. Of those 86,600+ domains, nearly 2,829 are hosted in public clouds, which the report singles out as a particular concern.
Today, cybercriminals take advantage of the cloud to disguise phishing attacks, and COVID-19 has already created a surge in cloud adoption. About 80% of the malicious domains were hosted on Amazon Web Services (AWS), 15% on Google Cloud Platform, 6% on Microsoft Azure, and roughly 1% on Alibaba Cloud. RiskIQ tracked new domains containing keywords such as ‘covid’, ‘coronav’, ‘pandemic’, ‘ncov’, ‘virus’, ‘vaccine’, and so on.
According to Jay Chen, the report’s author, “It is interesting to see that only 5% of the NRDs are found malicious in public clouds, while 7.5% of NRDs are found malicious in the entire internet. The higher price and more rigorous screening/monitoring process are likely making malicious actors less willing to host malicious domains in public clouds.”
The research also found that many malicious domains resolve to multiple IP addresses, and, conversely, that many IP addresses serve several domains. Jay Chen added, “This many-to-many mapping often occurs in cloud environments due to the use of content delivery networks and can make IP-based firewalls ineffective.”
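The two analyses the article describes, keyword screening of newly registered domains and the domain-to-IP many-to-many mapping, can be illustrated with a short script. The following is an added example written for this page; it is not code from the Unit 42 or RiskIQ study, and the domain feed, dates and IP addresses in it are constructed (reserved documentation addresses and `.example` names), not data from the report. It flags COVID-themed NRDs per day using the keyword list quoted above, then shows why blocking the IPs behind flagged domains also cuts off unrelated domains that share a CDN address, which is the failure mode Chen describes.

```python
"""Added example: keyword-screen newly registered domains (NRDs) and
measure the collateral damage of IP-based blocking when domains and IPs
map many-to-many. All input data below is constructed for illustration."""
from collections import defaultdict

# Keyword list as quoted in the article (substring match, case-insensitive)
COVID_KEYWORDS = ("covid", "coronav", "pandemic", "ncov", "virus", "vaccine")

# Constructed NRD feed: (domain, registration date). Not real registrations.
NRD_FEED = [
    ("covid19-relief-fund.example", "2020-03-10"),
    ("coronavirus-map.example", "2020-03-10"),
    ("ncov-vaccine-update.example", "2020-03-11"),
    ("bakery-menu.example", "2020-03-11"),
    ("pandemic-masks-shop.example", "2020-03-12"),
    ("weather-today.example", "2020-03-12"),
]

# Constructed resolution records: domain -> set of IPs it resolves to.
# Shared addresses (203.0.113.10/.11) stand in for CDN front ends.
RESOLUTIONS = {
    "covid19-relief-fund.example": {"203.0.113.10", "203.0.113.11"},
    "coronavirus-map.example": {"203.0.113.10"},
    "bakery-menu.example": {"203.0.113.10", "203.0.113.12"},
    "weather-today.example": {"203.0.113.11"},
}


def is_covid_themed(domain):
    """True if the domain name contains any tracked keyword."""
    name = domain.lower()
    return any(kw in name for kw in COVID_KEYWORDS)


def covid_domains_per_day(feed):
    """Count keyword-matching NRDs per registration date."""
    counts = defaultdict(int)
    for domain, day in feed:
        if is_covid_themed(domain):
            counts[day] += 1
    return dict(counts)


def flagged_domains(feed):
    """Sorted list of keyword-matching domains in the feed."""
    return sorted(d for d, _ in feed if is_covid_themed(d))


def invert(resolutions):
    """Build the reverse map ip -> set of domains resolving to it."""
    ip_to_domains = defaultdict(set)
    for domain, ips in resolutions.items():
        for ip in ips:
            ip_to_domains[ip].add(domain)
    return ip_to_domains


def collateral_damage(resolutions, blocked_domains):
    """Domains NOT in blocked_domains that an IP-level block of every
    address behind blocked_domains would also cut off."""
    ip_to_domains = invert(resolutions)
    blocked_ips = set().union(*(resolutions.get(d, set()) for d in blocked_domains))
    affected = set()
    for ip in blocked_ips:
        affected |= ip_to_domains[ip]
    return sorted(affected - set(blocked_domains))


if __name__ == "__main__":
    print("flagged per day:", covid_domains_per_day(NRD_FEED))
    flagged = flagged_domains(NRD_FEED)
    print("flagged domains:", flagged)
    print("benign domains lost to IP blocking:",
          collateral_damage(RESOLUTIONS, flagged))
```

Running the script shows two keyword hits on 2020-03-10 and one on each of the following days, and that blocking the two shared addresses behind the flagged domains would also cut off the unrelated bakery and weather sites. Blocking at the domain or URL layer (DNS filtering, proxy categorisation) avoids that collateral damage, which is the practical reading of the report's point about IP-based firewalls.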