Thousands of malicious Covid-19 domains hosted on public clouds

In less than two months (between early March and late April), researchers from Palo Alto Networks’ cybersecurity department Unit 42 discovered more than 86,000 malicious domains attached to the coronavirus pandemic.

The firm analysed more than 1.2 million newly registered domain names that contained keywords linked to the coronavirus outbreak and found that, on average, 1,767 malicious Covid-19 themed domains are created every day.

They also discovered that more than 56,000 of the newly registered domains are hosted by the world’s most popular cloud service providers. Amazon Web Services was found to host 70.1 percent, followed by Google Cloud (24.6 percent) and Microsoft Azure (5.3 percent).

Of those 56,000 domains, 2,829 were classified as risky or malicious – 79.2 percent hosted by AWS, 14.6 percent by Google and 5.9 percent by Azure.

Most malicious domains were found in the United States (29,007), followed by Italy (2,877), Germany (2,564) and Russia (2,456).

Researchers from Unit 42 believe criminals are concealing malicious activity (such as phishing or malware delivery) in the cloud, because its very nature makes activity more difficult to track.

“Organisations need to have a cloud-native security platform and a more advanced application-aware firewall to secure their environments,” the firm advised.