According to foreign media reports, Microsoft announced on Thursday that it is making public its threat intelligence on hacking activity related to the novel coronavirus. “As a security intelligence community, when the information we share can provide a more complete understanding of the attacker’s transfer technology, we will be more powerful,” the Microsoft Threat Intelligence team said in a blog post. “This more complete view allows us to more proactively protect, detect, and defend against attacks.”
Microsoft decided to open up its feed to raise awareness of attackers' changing techniques during the coronavirus pandemic, especially among those who may not have the broad visibility the company has. The security team wrote: “Microsoft processes trillions of signals every day across identities, endpoints, clouds, applications, and emails, which provides us with extensive visibility into COVID-19-themed attacks, allowing us to detect, protect and respond to these attacks in the security stack.”
Michael Daniel, president and chief executive officer of the Cyber Threat Alliance, a nonprofit cybersecurity threat-sharing organization with 26 members, said that the shift in criminal activity during the pandemic targeted people using new platforms for the first time.
“In general, the number of malicious activities in the security industry has not increased; however, we have seen a rapid and sharp shift in the focus of this criminal activity,” Daniel, the former White House cybersecurity coordinator, told CyberScoop. “Bad guys have tried to use factors such as people’s fears, lack of overall information, and the increase in the number of first-time users of many online platforms to shift the focus to the relevant topics of COVID-19.”
Microsoft’s move came months after cybercriminals and state actors began using coronavirus- and healthcare-themed spear-phishing emails or fake mobile apps to target victims worldwide. The information that Microsoft is providing includes file hash indicators for malicious attachments used in pandemic-related spear-phishing email campaigns. Many of the email lures mimic the brands of the World Health Organization and the Red Cross, while other lures appear to share information about COVID-19 with the target.
The 283 threat indicators shared by Microsoft can be obtained through Microsoft’s Graph Security API or Azure Sentinel’s GitHub page.
Sarah Jones, senior principal analyst at Mandiant Threat Intelligence, told CyberScoop that this open sharing is likely to help small and medium-sized companies working to combat threats related to the novel coronavirus. “We haven’t had the opportunity to observe this feature of Microsoft, but having multiple ways to integrate and query external intel feeds is always helpful for network defenders,” Jones said. “In addition, publishing high-quality and audited ‘Compromise metrics’ feeds to customers can be a force multiplier for small and medium-sized enterprises.”
Cofense CTO Aaron Higbee welcomed the move, but he added that phishing emails that abuse Microsoft Office 365 are rampant.
“We commend all efforts to protect people from phishing attacks that take advantage of people’s fears and concerns about pandemics,” Higbee told CyberScoop. “Cofense customers are increasingly dissatisfied with Microsoft’s inability to filter out phishing emails. When they learn that phishing emails come from Office 365 accounts and the phishing suite is hosted on Office 365, they become particularly annoyed. I’m curious how many of the 283 phishing indicators Microsoft chose to share are hosted in Office 365.”
A few weeks ago, several cybersecurity volunteer groups joined forces to help medical institutions respond to sudden cybersecurity threats during the pandemic. Other companies have previously announced that they are providing services more widely.