As the global COVID-19 crisis continues to escalate, organizations are facing an increasing number of cyber attacks aimed at exploiting the situation. Anomali and our threat intelligence ecosystem partners are continuously identifying attackers attempting to lure unsuspecting users with phishing, fraud, and disinformation campaigns.
To help you protect your company from these attacks, we have created a COVID-19 Resource Center to consolidate threat intelligence and guidance in one place, share updates, and point to free resources and tools as part of the effort to keep our community safe and secure. The resource center contains links to help from partners like the ones described below covering various use cases, as well as access to a threat bulletin from Anomali with 6,000 unique Coronavirus-themed indicators of compromise (IOCs), a webcast to get you up to speed, and an infographic with a chronology of COVID-19-themed cyber attacks to provide some perspective.
Securing Remote Workers
Cisco: COVID-19 is forcing many people around the world to work remotely. This is putting a sudden strain on both IT and security teams who are being tasked with providing support for an unprecedented number of offsite workers and their devices. Visit the resource center for information about the free tools for remote workers and threat updates provided by Cisco.
Cofense: Cofense is providing Coronavirus-based YARA rule indicators and keywords, visual phishing examples, and expert phishing guidance. Whenever there’s a major disaster, phishing emails follow, and this crisis is proving no exception. Accurate information can protect your users and organization. Visit the resource center for further information.
COVID-19 Domain Threat List
DomainTools: DomainTools is providing a free, publicly available COVID-19 Threat List that helps organizations and individuals make better decisions about the risk posed by domains related to the Coronavirus threat. Visit the resource center for information about how to sign up.
Know Our Coronavirus Adversaries
Intel 471: In response to growing COVID-19-themed threats, Intel 471 launched Periscope, a weekly newsletter comprising the most significant cybercriminal activity on the dark web. Intel 471 focuses on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks. Visit the resource center for links to sign-up information.
Protecting Health Care Operations
Kaspersky: To help medical organizations cope with the unprecedented pressure and provide some relief with respect to cybersecurity risks, Kaspersky is offering its B2B product solutions for free for 6 months. Continuity of operations and data protection are extremely critical for healthcare organizations as they mobilize to help people during this challenging time. Visit the resource center for links to resources provided by Kaspersky.
Keep Informed of Emerging Coronavirus-themed Threats
PolySwarm: PolySwarm has released an “Emerging Threats” public feed with a curated selection of the latest malware samples, which now includes a dedicated section for COVID-19-related cyber threats. It’s updated daily and free to use. PolySwarm is a threat detection marketplace used by security experts to analyze, detect and get intel on malicious files and digital artifacts. Visit the resource center for links to resources provided by PolySwarm.
Protect from Mule Accounts & Fraud Scams
Q6 Cyber: Q6 Cyber is publishing free weekly research reports detailing the latest COVID-related cyber and fraud scams. Cyber and fraud activity is on the rise, and mule recruitment is no exception. With millions of people laid off or working from home, this is a golden opportunity for cybercriminals and fraudsters to recruit witting and unwitting mules. Q6 Cyber’s intelligence helps companies proactively flag such accounts and prevent illicit money movements. Visit the resource center for links to resources provided by Q6 Cyber.
See the Big Picture
Silobreaker: Silobreaker is providing a daily COVID-19 Digest email and complimentary account access to Silobreaker, which helps you see the big picture with several COVID-19 dashboards created by their analyst team. Visit the resource center for links to more information.
Monitor the Dark Web
Sixgill: Sixgill has released a thorough and free report that explains how COVID-19 is affecting dark web activities. Visit the resource center for links. Sixgill provides a fully automated cyber threat intelligence solution suite that helps organizations protect their critical assets, reduce fraud and data breaches, protect their brand and ultimately minimize their attack surface.
Find Coronavirus-themed Malware
VMRay: COVID-19 has opened up a whole new arena of themed malware. VMRay is offering its customers additional advanced threat analysis and detection services with its platform built on best-of-breed sandbox technology to help them weather the crisis. Visit the resource center for details and sign-up information.