Microsoft Provides Alerts on New COVID-19 Scams, Announces Open-Source Threat Intel, and Protection Tips

Microsoft processes trillions of signals every day across identities, endpoints, cloud, applications, and email. This gives it visibility into a wide range of cyberattacks across the globe and allows other organizations to detect and respond to threats across the entire security stack.

Recent alerts from the tech giant

  • Microsoft warned against a new COVID-19 phishing campaign that purports to come from Johns Hopkins Center and carries an attachment titled “WHO COVID-19 SITUATION REPORT.” In this campaign, attackers use malicious Excel 4.0 macros and run the NetSupport Manager RAT to gain remote access to victims’ machines.
  • Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability in DNS servers that could be used to amplify a single DNS request into a DDoS attack against authoritative DNS servers.
  • The Microsoft Security Intelligence team discovered a new phishing campaign in which threat actors' phishing pages imitate the recent design changes on the Azure AD login screen. Azure AD is the single sign-on gateway to Microsoft’s cloud service and third-party apps.
  • Another phishing scam, with the subject line “Business Document Received,” was found reaching potential victims and informing them about a fake OneDrive document (as a PDF attachment). Clicking the link redirects users to the fake Azure AD sign-in page.

Major announcement

In response to the global cyberthreat arising from cybercriminals using COVID-19 as a lure, Microsoft announced last week that it will open-source its threat intel collection to help security teams ward off such cyberattacks.
  • The release is meant to raise awareness of attackers’ shift in techniques, how to spot them, and how to enable custom hunting.
  • The release included file hash indicators related to email-based attachments identified as malicious COVID-19 lures. “This is a time-limited feed. We are maintaining this feed through the peak of the outbreak to help organizations focus on recovery,” the blog post reads.

Earlier, it had also published detailed guidance to help organizations combat current threats.

Prevention tips

Microsoft gives the following tips for protection from COVID-19 themed cyberthreats and lures:
  • Install the latest security updates and use an antivirus or anti-malware service.
  • Use multi-factor authentication (MFA) on all your accounts.
  • On Windows 10 devices, turn on cloud-delivered protection and automatic sample submission. These features communicate with AI and ML-powered algorithms to quickly identify and stop new and unknown threats.
  • Turn on the protection features of email services on your systems.
  • Office 365 users can learn about Exchange Online Protection and Office 365 ATP.
  • Keep educating friends, family, and colleagues about how to filter phishing emails and report them.

Organizations need to react swiftly once any cyber incident is reported. However, in the case of ransomware attacks, there is barely any time to react once an infection is detected. Microsoft has listed steps that an organization can follow to respond immediately to such an attack.