Microsoft Open Sources its Coronavirus Threat Data

May. 20, 2020

10:00-10:00AM PST

Cybercriminals have been busy in the last couple of months, using the COVID-19 pandemic to hack people and companies. Microsoft decided to open-source its data about these cyber threats in order to better combat cybercriminals and look for ways to protect vulnerable users. The hope is that by sharing this information, they can get a better view of the techniques hackers are using and help defend better against cyberattacks.

Increases in Attacks

In the three months since the pandemic began, there has been an increase in cyberattacks of 600%, and a majority of these have been claims of coronavirus testing, stimulus packages, notifications from the government, and fake pandemic maps.

Cyberattacks in hospitals increased by about 60 percent from February to March. Many of the attacks on hospitals are ransomware, though the software that hospitals are using has been highly successful at blocking these ransomware attacks.

Major Targets

Fraudsters have been sending emails claiming to be from the World Health Organization (WHO) or the Center for Disease Control (CDC) and claiming they have information about the pandemic. These often have malicious links; some even have attachments that claim they have a list of infected people in your area. Others will ask you for a Bitcoin donation to help support research for the virus or want your contact information to send you what they claim to be exclusive information on COVID-19.

Just a few weeks ago, WHO confirmed that approximately 450 email addresses and passwords for active employees were leaked; other groups working on COVID-19 responses also had thousands of credentials leaks.

One group that has been widely targeted is remote workers. "With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures. We recently uncovered an interesting Skype phishing email that an end-user reported to [Cofense] Phishing Defense Center," Cofense researchers explained. The scammers have been sending out fake videoconferencing notifications aimed at getting access to Zoom and Skype credentials. Hackers have also been infiltrating videoconferences and disrupting meetings.

Spreading Awareness

The software giant has been sharing examples of some of the different phishing emails being used by these hackers on their Twitter in the hope that they can get this information out to more people more quickly.

In a blog post, Microsoft said they have been processing "trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detect, protect, and respond to them across our entire security stack. Today, we take our COVID-19 threat intelligence sharing a step further by making some of our own indicators available publicly for those that are not already protected by our solutions."

Where to Find Indicators

Microsoft released a guidebook for Azure Sentinel Notebooks to help hunt for these attacks, and they assured those with Microsoft Threat Protection that they were protected from the identified threats.

The indicators are available through the Microsoft Graph Security API, in the Azure Sentinel GitHub, and in the MISP feed.

Protecting Yourself

Since Microsoft cannot identify and stop every threat as soon as it appears, you should be prepared to take measures for your own cybersecurity. If you receive an email asking for money for research for the coronavirus, take a moment to scrutinize the message before you click on anything or give them anything. If you receive emails that claim to have pandemic maps or special information about the IRS stimulus checks, it is highly likely the email is a phishing scam.

It is a good policy to not click on anything unless you are 100 percent sure that it is from a source you can trust. If it seems iffy, you can always call the organization the email is supposed to be from to see if they truly sent it to you. Do not download any attachments unless you are sure that it is from who you think it is from; fake attachments often have spyware or malware included that gets to tunnel through your computer once you open that attachment.

The steps are simple if you believe your information has been compromised. First, run a virus scan on your computer, change your passwords from a different device than the one you opened the email in, and contact your bank — if your bank account was jeopardized.

One way to help yourself feel safer when you are checking your email is to contact an email security service to help give you an extra layer of protection when you are checking your email.



ARSENE, Liviu. “Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic.” Bitdefender Labs, 14 May 2020,

Davis, Jessica. “New COVID-19 Phishing Campaigns Target Zoom, Skype User Credentials.” HealthITSecurity, HealthITSecurity, 27 Apr. 2020,

Dowdell, Sophie. “600% Increase in COVID-19 Related Phishing Attacks.” IT Security Guru, 16 Apr. 2020,

“Open-Sourcing New COVID-19 Threat Intelligence.” Microsoft Security, 14 May 2020,

Try Trustifi Today


See if Trustifi Is Right for Your Organization