COVID-19: Cloud Threat Landscape
Unit 42 researchers found 56,200+ of the NRDs are hosted in one of the top four popular cloud service providers (CSPs), such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba: Executive Summary Unit 42 researchers analyzed 1.2 million newly registered domain (NRD) names containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 (7 weeks). 86,600+ domains are classified as “risky” or “malicious”, spread across various regions , as shown in Figure 1. The United States has the highest number of malicious domains (29,007), followed by Italy (2,877), Germany (2,564), and Russia (2,456). While the researchers were only able to identify two risky domains in the Philippines: covid19qpass.hopto.org and fcovid.ph. â— 70.1% in AWS â— 24.6% in GCP â— 5.3% in Azure â— <.1% in Alibaba During our research, we noticed that some malicious domains resolve to multiple IP addresses, and some IP addresses are associated wit
READ MORE...