Cybercriminals continue to use the coronavirus as a lure to launch cyberattacks against both businesses and individuals which is why Microsoft has decided to open source its Covid-19 threat intelligence.
By sharing information that provides a more complete view of hackers’ shifting techniques, the entire security intelligence community can be more proactive in protecting, detecting and defending against these attacks.
Microsoft’s own security products, such as its Microsoft Defender Advanced Threat Protection (ATP), already provide built-in protection against these and other threats, though the company has published detailed guidance in a blog post titled “Responding to COVID-19 together” in order to help organizations combat them as well.
The software giant’s threat experts have also shared examples of malicious lures and enabled guided hunting of coronavirus-themed threats using Azure Sentinel Notebooks.
Covid-19 threat intelligence
Microsoft is taking its Covid-19 threat intelligence sharing a step further by making some of its own indicators publicly available to those not protected by its solutions. This will help raise awareness of attackers’ shift in techniques, how to spot them and how others can hunt for threats on their own.
The company’s indicators are now available in the Azure Sentinel GitHub and through the Microsoft Graph Security API. Enterprise customers that use MISP for storing and sharing threat intelligence can consume these indicators via a MISP feed.
Microsoft’s threat intelligence is provided for use by the wider security community as well as by customers that want to perform additional hunting. In a blog post, Microsoft explained that it will continue to maintain its threat intelligence feed during the peak of the coronavirus outbreak, saying:
“This COVID-specific threat intelligence feed represents a start at sharing some of Microsoft’s COVID-related IOCs. We will continue to explore ways to improve the data over the duration of the crisis. While some threats and actors are still best defended more discreetly, we are committed to greater transparency and taking community feedback on what types of information is most useful to defenders in protecting against COVID-related threats. This is a time-limited feed. We are maintaining this feed through the peak of the outbreak to help organizations focus on recovery.”