For the last couple of months, cybercriminals have taken advantage of the coronavirus pandemic to launch a series of attacks on individuals and companies, with a COVID-19 angle. In order to fight these threats, Microsoft has open-sourced its threat knowledge to help the security community build protective solutions for users.
The company said it already provides a cover against coronavirus-themed attacks to customers using Microsoft Threat Protection (MTP) through products like Microsoft Defender. However, now it’s open-sourcing knowledge for people who might not be protected by MTP. As a part of the announcement, Microsoft has released new indicators to detect these attacks.
For its enterprise customers using Azure Sentinel, a cloud-based security analysis tool for companies, the Seattle-based firm has provided a guided notebook that security teams use to protect themselves against attacks. Microsoft is also making the threat data easily available to any company using the Malware Information Sharing Platform (MISP), an open-source threat intelligence platform.
The company said this indicator list is built by processing trillions of signals each day across cloud services, applications, and emails:
Microsoft processes trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detect, protect, and respond to them across our entire security stack.
The campaign that delivered Trickbot last week is now deploying Dofoil (aka SmokeLoader), the infamous malware installer. Using the same "free COVID-19 testing" lure, attackers started switching attachments late last week, w/ an upgrade: malicious docs that use VBA stomping trick pic.twitter.com/WoaQq8Yvha
— Microsoft Security Intelligence (@MsftSecIntel) April 22, 2020
A recent report by BitDefender suggests malware and ransomware cyberattacks in the healthcare sector have increased significantly in the past three months as compared to the last year.
In another report, cybersecurity company Nuspire said phishing attacks have increased by 171% in the last three months. A lot of these incidents suggest that cybercriminals are designing threats around COVID-19 testing, maps, government notifications, and stimulus packages.
Hopefully, Microsoft’s data will help security researchers build solutions that can thwart coronavirus-related attacks in an efficient manner.