Research findings: COVID-19 themed malware activity in public cloud infrastructure
Palo Alto Networks' threat intelligence team, Unit 42, found among more than 450,000 cloud connections that public cloud infrastructure had established communication with domain names spreading COVID-19 themed malware. Unit 42 had previously published an article at the end of March discussing the various attacks that malicious actors launched using COVID-19 as a lure, which did not address industrialized activity. Through more in-depth research, Unit 42 researchers set out to determine whether COVID-19 related malicious events were occurring in public cloud infrastructure, and, once such activity is found, what protective measures enterprises and institutions should take.
Researchers identified more than 300 COVID-19 themed malware samples that communicated with 20 distinct IP address and domain name indicators of compromise (IOCs). By querying Prisma Cloud for network connections to these 20 suspicious indicators between March 1 and April 7, 2020, researchers found 453,074 unique network connections across 27 distinct cloud environments (see Figure 1):
- more than 450,000 cloud connections to COVID-19 themed malware indicators of compromise (IOCs)
- 27 distinct cloud environments with potential risk of intrusion
- clear signs of communication with nodes performing command and control (C2) operations for COVID-19 themed malware
Figure 1: workflow chart
Because the researchers could not inspect the network traffic itself and had not obtained the malware samples that initiated these connections, it is impossible to determine whether the 27 enterprises were actually compromised by COVID-19 themed malware. Nevertheless, these network connections should still be regarded as highly suspicious, because the destination endpoints have a history of malware activity.
It is crucial that every enterprise monitors the network communication of its cloud infrastructure so that malicious communication is identified and blocked. A cloud native security platform must be integrated into the cloud infrastructure and into the development and production environments to ensure that COVID-19 themed attacks cannot take hold in the cloud infrastructure.
For more details about this study, see the full English text on the Unit 42 site.
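The detection described above, matching cloud network connections against a list of malware IOCs within a date window and counting unique connections and affected environments, can be reproduced in a few lines. The following is an added example and not code from Unit 42 or Prisma Cloud; the IOC values, the flow-log format and the sample log lines are constructed for illustration (documentation-reserved addresses and reserved TLDs), and "unique connection" is taken to mean a distinct (environment, source, destination) tuple, which is an assumption about how the research counted.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed IOC list (hypothetical values, not the indicators from the research).
IOCS = {
    "203.0.113.10",
    "198.51.100.77",
    "covid19-update.example",
    "corona-map.invalid",
}

# Query window used by the research: March 1 to April 7, 2020 (inclusive).
WINDOW_START = datetime(2020, 3, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2020, 4, 7, 23, 59, 59, tzinfo=timezone.utc)

# Constructed flow-log lines in a simple CSV layout:
# timestamp, cloud_environment, source_ip, destination (IP or domain)
SAMPLE_LOG = """\
2020-03-02T10:15:00Z,env-a,10.0.1.5,203.0.113.10
2020-03-02T10:15:30Z,env-a,10.0.1.5,203.0.113.10
2020-03-04T08:00:00Z,env-a,10.0.1.9,covid19-update.example
2020-03-15T22:41:10Z,env-b,10.2.0.3,corona-map.invalid
2020-03-20T01:00:00Z,env-b,10.2.0.3,93.184.216.34
2020-04-06T12:00:00Z,env-c,10.3.7.1,198.51.100.77
2020-04-09T09:30:00Z,env-d,10.4.0.2,203.0.113.10
"""


def parse_flow_log(text):
    """Parse the constructed CSV flow-log format into dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, env, src, dst = line.split(",")
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "env": env,
            "src": src,
            "dst": dst,
        })
    return records


def match_ioc_connections(records, iocs, start, end):
    """Return unique connections to any IOC inside [start, end].

    A connection is only evidence of communication with a suspicious endpoint,
    not proof of compromise, which is why the result is labelled 'suspicious'.
    """
    seen = set()            # distinct (env, src, dst) tuples
    per_env = Counter()     # suspicious connections per cloud environment
    per_ioc = Counter()     # suspicious connections per indicator
    for r in records:
        if not (start <= r["ts"] <= end):
            continue        # outside the query window
        if r["dst"] not in iocs:
            continue        # destination is not a known indicator
        key = (r["env"], r["src"], r["dst"])
        if key in seen:
            continue        # repeated connection, count once
        seen.add(key)
        per_env[r["env"]] += 1
        per_ioc[r["dst"]] += 1
    return {
        "suspicious_unique_connections": len(seen),
        "environments": sorted(per_env),
        "per_environment": dict(per_env),
        "per_ioc": dict(per_ioc),
    }


def run_sample():
    """Run the matcher over the constructed log with the research's window."""
    return match_ioc_connections(parse_flow_log(SAMPLE_LOG), IOCS, WINDOW_START, WINDOW_END)


if __name__ == "__main__":
    result = run_sample()
    print(f"{result['suspicious_unique_connections']} suspicious unique connections "
          f"in {len(result['environments'])} environments: {result['environments']}")
    for ioc, n in result["per_ioc"].items():
        print(f"  {ioc}: {n}")
```

Running this against real flow logs (VPC flow logs, firewall logs, or a cloud security platform's connection data) replaces `SAMPLE_LOG` and `IOCS`; the window filter and de-duplication are what turn raw connection records into the "unique connections per environment" figures the research reports, and the per-environment counts are the natural starting point for the blocking and investigation that the text recommends.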
About Palo Alto Networks
As a global cybersecurity leader, Palo Alto Networks is using its advanced technology to reshape a cloud-centric future and change the way people and organizations operate. Our mission is to be the cybersecurity partner of choice and to protect our digital way of life. With continuous innovation and breakthroughs in artificial intelligence, analytics, automation and orchestration, we help our customers address the world's most serious security challenges. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, please visit the Palo Alto Networks website or its Chinese site.
About Unit 42
Unit 42 is the global threat intelligence team of Palo Alto Networks and a recognized authority on cyber threats, frequently sought out by enterprises and government agencies around the world. Our analysts are experts in hunting and collecting unknown threats and in fully reverse engineering malware using code analysis. With this expertise, we deliver high-quality, in-depth research that provides insight into the tools, techniques and procedures threat actors use to compromise organizations. Our goal is to provide as much context as possible, explaining the specifics of an attack, who is behind it and why, so that security practitioners everywhere can understand the threat and defend against it better.
Copyright © 2011 JIN SHI