The Power of Community to Fight COVID-19 Cyber Threats

April 3, 2020 | Amy Pace

Cybercriminals are taking advantage of the fear and uncertainty surrounding the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch COVID-19 related attack campaigns. The bad guys are moving full-steam ahead in their efforts to lure victims by playing on their fears.

Fortunately, the security community is banding together to take on these cyber attackers by sharing vital threat information to help identify the adversaries and their evolving tactics. We’re seeing this first-hand in the AT&T Alien Labs Open Threat Exchange (OTX). The OTX community is responding and sharing information on COVID-related threats as they arise. The immediate, near real-time contributions of the OTX community gives Alien Labs a unique vantage point to monitor activity in the wild and deliver curated threat intelligence on new and evolving threats on a continual basis.

As of March 26, Alien Labs and the OTX community identified and contributed the following COVID-19 related threat intelligence:  

  • In total, OTX members contributed 419,643 COVID-related IOCs from January to March and 16,404,579 IOCs overall.
  • OTX experienced a 2,000% month-over-month increase (+382,973) from February to March with regard to the number of COVID-related IOCs contributed to OTX.
  • Staring in February, pulses about threats using COVID-19 to lure victims began steadily increasing, spiking as of March 23 with as much as 20% of overall daily pulses relating to threats using COVID-19.
  • In the month of March, COVID-related pulses made up 5% of the overall threat pulses published to OTX by members of the community.
  • From January 1, 2020 – March 26, 2020, the community published  85,000 pulses in total, including 250 individual pulses on threats related to COVID. 

covid pulses in OTX

HHS COVID pulse

Anyone can join the Alien Labs Open Threat Exchange to stay abreast of COVID-related threats

AT&T Alien Labs Open Threat Exchange (OTX) is among the largest threat intelligence sharing communities in the world. The power of OTX is the active engagement of its user base, with more than 140,000 security and IT professionals from 140 countries daily contributing and sharing threat information on threats as they arise. OTX combines the knowledge of a global community of security practitioners with AT&T Alien Labs dedicated professional research team to identify and provide analysis on emerging threats.

OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same. Very importantly, OTX is completely free to use! We believe everyone should have access to timely and accurate threat intelligence.

Alien Labs and OTX in action:

  • Alien Labs researchers and the global community of OTX contributors react within hours to new and emerging threats in the wild by posting new threat information to the OTX platform.
  • Alien Labs goes beyond simply delivering threat indicators by enriching threat intelligence with qualitative research that provides deep insight into adversary TTPs.
  • OTX users can automatically download and use this threat intelligence in their own security monitoring tools for free through an API connection.
  • OTX users can also join and contribute to groups (public and private groups) that are exchanging information in real-time.

OTX and the COVID-19 Cyber Threat Coalition

The Cyber Threat Coalition is a community-driven coalition formed to share threat intelligence related to Covid-19 incidents. The coalition is using the OTX platform to share indicators of
compromise and has created a dedicated OTX group for sharing information on COVID-related threats. Join OTX today and start harnessing the power of a global security community.
 
 
Amy Pace

About the Author: Amy Pace

Amy is Lead Product Development Manager for AT&T Cybersecurity Open Threat Exchange (OTX). She has over 15 years of hands-on experience in information technology and security, holding lead roles in Sales Engineering, Technical Sales Enablement, Product Management, and Product Marketing. Prior to joining AT&T / AlienVault, she worked at NSS Labs, heading up the Product Marketing team for their cloud security platform.

Read more posts from Amy Pace ›

TAGS:

‹ BACK TO ALL BLOGS