In response to the growing threat of Coronavirus (COVID-19)-themed cyberattacks, Anomali recently publicly released over 6,000 open source Indicators of Compromise (IOCs) that were collected, curated, and validated by Anomali researchers.
Anomali has also released a related Threat Bulletin providing a narrative description of the attacks being seen. This actionable threat intelligence, which identifies COVID-19-related threats and the malicious actors looking to capitalize on the pandemic, is available now for organizations to immediately feed into their cybersecurity technologies to rapidly and proactively block the identified threats.
- For Anomali customers – the Anomali COVID-19 Campaign Threat Model and COVID-19 Threat Bulletin are automatically available for use by organizations with access to Anomali ThreatStream—including all of Anomali’s enterprise clients and over 2,000 organizations participating in threat intelligence-sharing communities powered by Anomali.
- For other organizations – Anomali has made static versions of this threat intelligence available for download.
Anomali researchers found 6,200 Indicators of Compromise (IOCs) and at least 15 distinct campaigns associated with 11 threat actors or groups distributing 39 different malware families using 80 different MITRE ATT&CK techniques. Given the spike in malicious activity related to COVID-19, combined with governments and businesses enforcing social distancing and remote work, we assess that the threat presented by COVID-19-related phishing campaigns against public and private enterprises will continue to rise. This graphic provides a chronology of COVID-19-related cyber activity.
“Anomali recognizes this pandemic as a particularly stressful time for cybersecurity experts already burdened with the fears we are all facing. With that in mind, we want to ensure the widest dissemination of this vital threat intelligence, regardless of whether organizations are our current clients,” said Hugh Njemanze, CEO of Anomali.