The Power of Community to Fight COVID-19 Cyber Threats

Cybercriminals are taking advantage of the fear and uncertainty surrounding the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch COVID-19 related attack campaigns. The bad guys are moving full-steam ahead in their efforts to lure victims by playing on their fears.

Fortunately, the security community is banding together to take on these cyber attackers by sharing vital threat information to help identify the adversaries and their evolving tactics. We’re seeing this first-hand in the LeveBlue Labs Open Threat Exchange (OTX). The OTX community is responding and sharing information on COVID-related threats as they arise. The immediate, near real-time contributions of the OTX community gives Alien Labs a unique vantage point to monitor activity in the wild and deliver curated threat intelligence on new and evolving threats on a continual basis.

As of March 26, Alien Labs and the OTX community identified and contributed the following COVID-19 related threat intelligence:  

• In total, OTX members contributed 419,643 COVID-related IOCs from January to March and 16,404,579 IOCs overall.
• OTX experienced a 2,000% month-over-month increase (+382,973) from February to March with regard to the number of COVID-related IOCs contributed to OTX.
• Staring in February, pulses about threats using COVID-19 to lure victims began steadily increasing, spiking as of March 23 with as much as 20% of overall daily pulses relating to threats using COVID-19.
• In the month of March, COVID-related pulses made up 5% of the overall threat pulses published to OTX by members of the community.
• From January 1, 2020 – March 26, 2020, the community published  85,000 pulses in total, including 250 individual pulses on threats related to COVID. 

Anyone can join the LevelBlue Labs Open Threat Exchange to stay abreast of COVID-related threats

LevelBlue Labs Open Threat Exchange (OTX) is among the largest threat intelligence sharing communities in the world. The power of OTX is the active engagement of its user base, with more than 140,000 security and IT professionals from 140 countries daily contributing and sharing threat information on threats as they arise. OTX combines the knowledge of a global community of security practitioners with LevelBlue Labs dedicated professional research team to identify and provide analysis on emerging threats.

OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same. Very importantly, OTX is completely free to use! We believe everyone should have access to timely and accurate threat intelligence.

Alien Labs and OTX in action:

• LevelBlue Labs researchers and the global community of OTX contributors react within hours to new and emerging threats in the wild by posting new threat information to the OTX platform.
• LevelBlue Labs goes beyond simply delivering threat indicators by enriching threat intelligence with qualitative research that provides deep insight into adversary TTPs.
• OTX users can automatically download and use this threat intelligence in their own security monitoring tools for free through an API connection.
• OTX users can also join and contribute to groups (public and private groups) that are exchanging information in real-time.