Every noteworthy world event is seen by cyber threat actors as an opportunity, and the Corona virus (COVID-19) has proven to be no different. In response to the growing volume of COVID-19-themed cyber attacks we are seeing, Anomali has been working to collect, curate, and distribute the clear and concise open-source intelligence needed to help organizations defend against these campaigns. Anomali has just released two key resources – the COVID-19 Campaign Threat Model and a COVID-19 Threat Bulletin – to provide actionable intelligence that can be used to combat these cyber attack campaigns. These resources are continually updated with the latest COVID-19-related information, so subscribers will be receiving a steady stream of new, actionable intelligence:
Anomali COVID-19 Campaign Threat Model - Anomali has identified 15 distinct campaigns associated with 11 threat actors or groups distributing 39 different malware families using 80 various MITRE ATT&CK techniques to date, and this number will continue to grow.
Anomali COVID-19 Threat Bulletin - This Threat Bulletin provides both a narrative summarizing all COVID-19 related attacks Anomali has been tracking, and over 6,000 unique indicators of compromise (IOCs) that can be acted upon immediately.
What Can You Do with This Threat Intelligence?...and How to Do It
Our intent in aggregating and curating this threat intelligence is to provide organizations with high fidelity indicators of compromise (IOCs) that can immediately be pushed into their security stacks for rapid, proactive blocking and alerting. Security products that can take advantage of this actionable threat intelligence include SIEMs, endpoint detection and response platforms, firewalls, DNS servers, SOAR platforms, and other operational security products.
The Anomali COVID-19 Campaign Threat Model and COVID-19 Threat Bulletin are designed to be used in conjunction with Anomali ThreatStream, a threat intelligence platform that ..