Login

Register

Login

Register


Deliver COVID-19 Intelligence to Your Security Controls

Malicious actors continue to leverage the global Coronavirus (COVID-19) pandemic to register phishing and malware domains to lure unsuspecting users into disclosing their credentials or downloading and executing malware onto their systems. Anomali and our partner ecosystem have publicly released data and information to identify, monitor, and respond to the latest threats to thwart malicious Coronavirus (COVID-19) themed activity from impacting customer’s information systems and networks. In this latest blog, we detail how to collect the new and rich data source offered by Anomali partner DomainTools and how to operationalize this data within ThreatStream, the industry-leading Threat Intelligence Platform (TIP).

Details

On March 23, 2020, Anomali partner DomainTools released a free COVID-19 Threat List.  In the list, users can find Coronavirus (COVID-19) malicious domain name permutations covering more than 60 relevant keywords such as Covid, c0vid, c0v1d, Corona, carona, and corrona. Moreover, the threat list filters out any domains below a Domain Risk Score of 70. According to DomainTools, the Domain Risk Score is a proprietary machine-learning classifier to analyze the intrinsic properties of a domain, identifying patterns consistent with malware, phishing, spam, or neutral domains.
MITRE Pre-ATT&CK Techniques: Buy domain name (T1328) | Spearphishing for Information (T1397)
MITRE Enterprise ATT&CK Techniques: Spearphishing Attachment (T1193) | Spearphishing Link (T1192)

Figure 1. Free COVID-19 Threat List – Domain Risk Assessments for Coronavirus Threats (Source: DomainTools)

How Anomali Customers Leverage the COVID-19 Threat List

The Anomali Threat Research team has curated the COVID-19 Threat List and imported the close to 65,000 suspicious and malicious domains into ThreatStream to help customers protect and defend their organizations. Anomali empowers our customers to operationalize and take action on this data in multiple ways such as:

  • Identify attack trends, map out the adversary’s infrastructure, and discover tactics, techniques, and procedures employed by adversaries using the Investigations Workbench and Enrichments within ThreatStream
  • Automate threat intelligence ingestion and deployment to downstream security systems via Integrator to proactively block access to high-risk COVID-19 themed domains at their organization’s defensive technologies
  • Correlate high-risk COVID-19 themed domains against internal event logs using Anomali Match to identify current and historical sightings indicative of a compromised host or network
  • Ingest the domains into their Security Information and Event Management (SIEM) instances such as Splunk to automatically scan events against the observables associated to the Coronavirus (COVID-19) Cyber Threats Threat Bulletin
  • Use Trusted Circles as a mechanism for real-time threat intelligence sharing and collaboration with industry peers and sharing groups to maintain situational awareness and establish community-based protections on a specific Campaign, adversary, or Incident  
  • Use Anomali Lens to determine if there are any observables in the aforementioned article (and others during their research) that are relevant to their environment by scanning the page and seeing if there are any Matches

Of note, this Threat Bulletin was announced on March 24, 2020 and provides our customers with a steady stream of new, actionable intelligence.

Figure 2. ThreatStream Observables Search page filtered on DomainTools – COVID-19 Threat List



Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
HACKER FOR HIRE MURDERS
 

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW