Covid-19 Threat Intelligence Open Source

Right now, the world is facing the common threat of COVID-19, and global threats require a global response. As a result, IT teams have been working overtime to ensure their systems are protected from attackers using malicious and common attack vectors.

From the security intelligence community's point of view, IT teams will be stronger if information on attackers' shifting techniques is shared from around the world. In this situation, we need to come together to fight against cyberattack methods.

Early this year, Microsoft improved its security products to provide built-in protection against those threats. Microsoft has also published well-written guidance to assist organizations in combating current threats like COVID-19.

Customers that use Microsoft Threat Protection are fully protected against the threats that have been discovered and verified, via endpoints with Microsoft Defender Advanced Threat Protection, including email with Office 365.

Source: Update on the COVID 19 video, Vetting Threat Intelligence

What are Azure Sentinel and Microsoft Threat Protection

For those who might not be familiar with Azure Sentinel, it is a current computing platform that uses the cloud as its platform. It also gives users the freedom to build, manage, and deploy applications anywhere, at any time, with Azure.

Microsoft Threat Protection can be considered a combined pre-breach and post-breach defense suite that handles detection, prevention, investigation, and response across email, applications, and endpoints.

Azure Sentinel queries can be accessed directly, where the user can see the indicators shown in the picture.

Azure Sentinel logs.

Azure also provides sample detections so that others can experiment with the queries.

If Azure is configured correctly, the user will receive an alert notification indicating that the application has been compromised by the threats.

Email phishing campaign examples

The following are examples of phishing campaigns that have been sent to victims via email. Some of the emails seem legitimate, but users need to be very careful with them, especially with links and attachments.

Example 1

World Health Organization phishing email.

Example 2

Red Cross phishing email.

Example 3

Financial relief phishing email.

Example 4

Coronavirus-themed phishing email.

Author: Wan Ariff

He brings with him working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion is IT Security.
