Critical Path Security is thrilled to be an active member of the COVID-19 CTI League! We are currently providing the only Zeek Threat Intelligence Feed from this group, as well as a full Darkweb Intelligence Processing Engine targeted directly at COVID-19 and Work From Home threats!
"Cyber threats related to Covid aren’t limited to vulnerable hardware at hospitals or malicious emails with attachments claiming to list cures. The dark web was exploding with hospital network administrator credentials—both real and fake—for sale. There were piles of stolen patient data. People were selling hydroxychloroquine pills and supposed Covid vaccines. “They shift their business tactic to whatever is the hot item at the moment,” says Sean O’Connor, an Atlanta-based league member who specializes in dark web infiltration. “And the hot item at the moment is Covid.”"
"Just a week after Zaidenberg had messaged Warfield, the league was fielding dozens of membership requests a day, taking a Wild West-like approach to building up an infrastructure as new volunteers tossed out ideas. “If you want to donate your time, we're not going to tell you what that looks like,” Warfield says. One member developed a bot that pulled data from the Shodan search engine in real time, scanning the internet for vulnerable hardware running on medical networks and automatically posting geolocation and network data to a dedicated Slack channel. Someone else built a bot to monitor BGP changes—BGP is the primary routing protocol for traffic on the internet, and big changes can indicate that someone’s hijacked a bunch of IP addresses."
https://www.wired.com/story/cyber-avengers-protecting-hospitals-ransomware/
Get our intelligence feed!
https://github.com/CriticalPathSecurity/COVID-THREAT-INTEL-PUBLIC-ZEEK