Microsoft announced Thursday that it is making public the threat intelligence it collects about hacking activities linked to the new coronavirus, media reported. “As a security intelligence community, we are even stronger when the information we share provides a more complete picture of the attacker’s transfer technology,” Microsoft’s threat intelligence team said in a blog post. “This more complete view allows us to be more proactive in protecting, detecting, and defending against attacks.”
Microsoft has decided to open its feeds to raise awareness of how attackers are changing their techniques during the coronavirus pandemic, especially for those who may not have the broad visibility the company has. “Microsoft processes trillions of signals every day across identities, endpoints, the cloud, applications, and e-mail, providing us with visibility into a wide range of COVID-19 themed attacks, enabling us to detect, protect, and respond to them throughout the security stack,” the security team wrote.
Michael Daniel, president and chief executive of the Cyber Threat Alliance, a 26-member cybersecurity threat-sharing nonprofit, said the shift in criminal activity during the pandemic has targeted people who are using new platforms for the first time.
“Overall, the amount of malicious activity in the security industry has not increased; but we are seeing a rapid and dramatic shift in the focus of this criminal activity,” Daniel, a former White House cybersecurity coordinator, told CyberScoop. “The bad guys have tried to take advantage of people’s fears, the lack of overall information, and the increase in first-time users of many online platforms to shift the focus to the related topics of COVID-19.”
Microsoft made the move just months after cybercriminals and state actors began targeting victims globally with coronavirus- and health care-themed spear-phishing emails or fake mobile apps. The information Microsoft is providing includes file hash indicators for malicious attachments used in spear-phishing email activity related to the pandemic. Many of these email lures mimic the World Health Organization and Red Cross brands, while others appear to share information about COVID-19 with targets.
The 283 threat indicators shared by Microsoft are available through Microsoft’s Graph Security API or Azure Sentinel’s GitHub page.
Sarah Jones, senior chief analyst at Mandiant Threat Intelligence, told CyberScoop that such public sharing is likely to help small and medium-sized businesses working to combat the threats associated with the new coronavirus. “We haven’t had a chance to see this capability at Microsoft, but having multiple ways to consolidate and query external intel feeds is always helpful for network defenders,” Jones said. “In addition, the release of high-quality and audited ‘Procreal stors’ feeds to customers can be a power multiplier for small and medium-sized businesses.”
Aaron Higbee, Cofense’s chief technology officer, welcomed the move, but added that the misuse of Microsoft Office 365 for phishing emails was rampant. “We commend all efforts to protect people from phishing attacks that exploit fear and concern about the pandemic,” Higbee told CyberScoop. “Cofense’s customers are increasingly unhappy that Microsoft can’t filter out phishing emails. They get particularly annoyed when they learn that phishing emails are from Office 365 accounts and that the phishing kit is hosted on Office 365. I’m curious about how many of the 283 phishing metrics Microsoft chooses to share are hosted within Office 365.”
A few weeks ago, several groups of cybersecurity volunteers banded together to help health care providers respond to sudden cybersecurity threats during the pandemic. Other companies have previously announced that they are providing services more widely.