Palo Alto Networks Unit 42 security team has recently reported increased phishing, malware, and malavertising attacks during the COVID-19 outbreak. Many cybercriminals seem to be using the current situation of confusion as leverage.
Palo Alto Networks is a cybersecurity company based on the US. They protect their clients against evolving cyberattacks by constantly monitoring the current web climate. As such, Unit 42, Palo Alto Networks’ Research team monitored user interest using Google Trends and their traffic logs for this study.
The sudden pandemic left everyone to their own resources. Researchers from Unit 42 found a huge increase in Google searches and URLs linked to Coronavirus viewed since early February. In the same vein, Unit 42 found out a a 656% increase in the average daily Coronavirus-related domain name registrations from February to March.
Cyberattackers have been using the interest in the topic to prey on users with coronavirus-related domain names. During the period, Unit 42 also observed a 569% spike in fraudulent registrations and 788% rise in “high-risk” registrations. This includes scams, unauthorized coin mining, and domains associated with malicious URLs within the domain using bulletproof hosting.
Unit 42 clustered the domains based Whois information, DNS records and screenshots (collected by automated crawlers) to detect registration campaigns and analyzed the number of malicious domains. Thus, they identified 116,357 Coronavirus-related newly registered domain names. 2,022 are malicious and 40,261 are “high-risk” out of the said number.
Palo Alto Networks reminds everyone to stay vigilant against cybercriminals especially during this COVID-19 pandemic. Cyberattackers have even went as far into using COVID- 19 fear as pressure to users into buying their products. It’s important to be wary of any emails or unfamiliar websites with COVID-19 themes claiming to have information, a testing kit, or a cure. Always validate websites by checking if the domain is legitimate or ensuring there’s a valid HTTPS connection.
To dig in deeper should you want added protection, Palo Alto Networks offers other solutions. Their best practice recommendation for URL Filtering is to block access to the Newly Registered Domain category. If not, it’s also good to enforce SSL decryption to these URLs for increased visibility. That way, users will be blocked from downloading risky file types. It also applies a stricter Threat Prevention policy, and increases logging for Newly Registered Domains. Or, if those solutions still not suit you, Palo Alto also recommend DNS-layer protection since 80% uses DNS.
COVID- 19 may stay for longer and cause more offices to opt for work from home instead. In that case, Palo Alto’s Prisma Access might be useful against cybercrime. Prisma Access is a cloud-delivered secure access service edge (SASE) platform providing consistent policy enforcement and security for remote offices and mobile users.
Learn more about how Palo Alto Networks here and check out Nir Zuk’s webcast on how to enable business continuity.
