Microsoft Opens Its 'Threat Intelligence' So People Can Help Stop Coronavirus-Related Attacks


Hackers are always on the move to seek potential victims. And in this coronavirus-infected world, cybercriminals are more than happy to leverage the trend.

Among other tactics, hackers have piggybacked on big names in health, like the WHO, and created a coronavirus dashboard map.

Because of the variety of attacks, most of which leverage some sort of malware, businesses and organizations should always be on their toes to anticipate them.

Microsoft is one of the biggest players in the technology sector, and here, the company has decided to open source its COVID-19 threat intelligence.

By sharing what it knows, Microsoft hopes that it can provide the foundation for people to better defend themselves from hackers.

Using its COVID-19 threat intelligence, the entire security intelligence community can be more proactive in protecting, detecting and defending against coronavirus-related attacks.

In a blog post, Microsoft said that:

"A global threat requires a global response. While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cybercriminals using COVID-19 as a lure to mount attacks. As a security intelligence community, we are stronger when we share information that offers a more complete view of attackers’ shifting techniques. This more complete view enables us all to be more proactive in protecting, detecting, and defending against attacks."

Microsoft said that its own security products, such as its Microsoft Defender Advanced Threat Protection (ATP), are already equipped with built-in protections against coronavirus-related attacks and other threats.

The company has also published detailed guidance titled “Responding to COVID-19 together” to help businesses and organizations combat these attacks as well.

"Our threat experts are sharing examples of malicious lures and we have enabled guided hunting of COVID-themed threats using Azure Sentinel Notebooks," said Microsoft.

An example of an Advanced Hunting query in MTP that searches for any recipient of an attachment on the indicator list and sees if any recent anomalous log-ons happened on their machine. (Credit: Microsoft)

In the blog post, Microsoft explained that it will continue to maintain its threat intelligence feed during the peak of the coronavirus outbreak, saying that:

"This COVID-specific threat intelligence feed represents a start at sharing some of Microsoft’s COVID-related IOCs. We will continue to explore ways to improve the data over the duration of the crisis. While some threats and actors are still best defended more discreetly, we are committed to greater transparency and taking community feedback on what types of information is most useful to defenders in protecting against COVID-related threats. This is a time-limited feed. We are maintaining this feed through the peak of the outbreak to help organizations focus on recovery."

Microsoft is open-sourcing its COVID-19 threat intelligence to make sure that those who don't benefit from its products can still be protected against coronavirus-related threats.

"Today, we take our COVID-19 threat intelligence sharing a step further by making some of our own indicators available publicly for those that are not already protected by our solutions," said Microsoft.

By making the project open source, Microsoft is taking a step forward in raising awareness about how hackers are shifting their attack methods and techniques, how to spot them, and how others can hunt for threats on their own.

The company's indicators have been made available on the Azure Sentinel GitHub, as well as through the Microsoft Graph Security API.

As for Microsoft Enterprise customers that use MISP for storing and sharing threat intelligence, they can access these indicators via a MISP feed.