Microsoft Open-Sources Its COVID-19 Threat Intelligence Reports to Make Users Aware of Hackers
Given the current situation across the globe, hackers have had enough time to hack systems and leak data from big agencies, companies, etc. Microsoft has gathered a huge number of queries and techniques used by these hackers and wants to expose them to make people aware of those techniques.
The company says it processes “trillions of signals each day across identities, endpoint, cloud, applications, and email,” thus having broad visibility into a variety of COVID-19-themed attacks.
Microsoft has now decided to make its threat intelligence public. The company has also been sharing examples of malicious lures and has provided guided hunting of COVID-themed threats through Azure Sentinel Notebooks.
Microsoft Threat Protection (MTP) can already keep customers safe from the threats identified by these indicators, but those who do not use the solution are not protected.
The company wants users to be aware of these hackers and their techniques, which can help users protect their data by detecting those techniques.
The company made the indicators available on both the Azure Sentinel GitHub repository and through the Microsoft Graph Security API. Enterprise customers that use MISP for storing and sharing threat intelligence can leverage these indicators via a MISP feed.
This threat intelligence is provided for use by the wider security community, as well as customers who would like to perform additional hunting, as we all defend against malicious actors seeking to exploit the COVID-19 crisis.
Azure Sentinel customers can import these indicators using a Playbook or access them directly from queries. Both Office 365 ATP and Microsoft Defender ATP block attacks that employ these indicators.