Bad Actors in the Cloud: A Look at the Early Days of the COVID-19 Pandemic

Posted by Fuel HQ on Aug 27, 2020 9:15:00 AM

Thursday, August 27, 2020

From Fuel Headquarters

In the early days of the coronavirus crisis, bad actors were quick to make their way to the cloud, creating newly observed hostnames (NOHs) with keywords related to the global pandemic.

In this infographic, we share high-level findings from Unit 42’s report, “COVID-19: Cloud Threat Landscape,” which analyzed 1.2 million newly observed hostnames (NOH) containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 (7 weeks).

Take a look at key findings, plus get Fuel members’ reactions to the report, including their thoughts on how cybersecurity professionals (and their colleagues) can continue to make information security a number one priority.

Fuel-Unit 42-Cloud COVID-19 Infographic

“It didn’t surprise me that so many NOHs are showing up in the cloud. Cloud computing offers the same benefits to malicious actors and the average consumer: lower latency, wider availability, easily managed global environments, elasticity, resiliency and lower costs. What I think is important to point out is that how cloud traffic is routed can often evade traditional means of traffic filtering, specifically for firewalls. You need to have security native to the cloud and in-depth defense at every layer to stand the best possible chance of protection.

“This is all the more reason information security plays a bigger role, now more than ever. Aligning programs and testing to frameworks like MITRE ATT&CK can give organizations insight into advanced persistent threat (APT) behaviors, allowing them to design and implement controls around relevant cyber threat intelligence. Don’t just buy the latest thing and plug it in, take the time and care to properly configure and test it. Continually test it to make sure it’s still secure in six months.

“Gone are the days when smaller organizations don’t worry about being targeted because they’re ‘small fish’ and no one ‘cares’ about their data. Sometimes the easiest way into a larger organization is through a trusted relationship. In this red, new world we live in, information security is everyone’s responsibility.” —Maril Vernon, Fuel User Group Member

Trust cyberattack actors to take advantage of a global pandemic. They know from experience and past success that anytime there is a situation where people want to stay as up to date as possible, they will go anywhere to get it. This means that whether it’s a spear-phishing attack (‘Your recent visit to the doctor indicates you may be at risk to COVID-19.’) or just URLs infected with malware from news sites, they are using fear as the driving force to get traffic to their sites.

“This just further reinforces, to me at least, that even the most basic cybersecurity training would vastly benefit users to protect themselves — how to break down a URL, how to determine if an email is valid or not, how to identify where a link is going to take them before clicking on it, etc.” —Charles Buege, Fuel User Group Member

More to Explore

Check out these Fuel blog posts for further reading:

Topics: COVID-19, Cloud Threats

Posts by Topic

see all

Subscribe to Blog Updates

Recent Posts

Posts by Topic

see all