COVID-19: Cloud Threat Landscape

Unit 42 researchers analyzed 1.2 million newly observed hostnames (NOH) containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 (7 weeks). 86,600+ fully qualified domain names are classified as “high-risk” or “malicious” (C2, malware, or phishing), spread across various regions, as shown in Figure 1. The United States has the highest number of malicious domain names (29,007), followed by Italy (2,877), Germany (2,564), and Russia (2,456).

Unit 42 researchers found that 56,200+ of the NOHs are hosted in one of the four most popular cloud service providers (CSPs), namely Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba:

  • 70.1% in AWS
  • 24.6% in GCP
  • 5.3% in Azure
  • <0.1% in Alibaba

Source: Palo Alto