Criminals have always found success using disasters and global epidemics in cyberattacks, and COVID-19 is no different. Our global telemetry is showing us a spike in threat infrastructure related to the pandemic that attackers are using to social engineer victims. To push back, we're providing lists of newly observed infrastructure matching coronavirus themes.
RiskIQ is making matches against 'covid', 'coronav', 'vaccine', 'pandemic', and 'virus' from its Newly Observed Host (NOH) feed available to the public. Note that no reputation filters or enrichment have been done on the results.
RiskIQ is providing a 30-day extended access code for Security Analysts and Threat Hunters looking to investigate this newly observed infrastructure. Apply the promo code COVID19 from the account settings page to enable the extended access. Users without an existing account can register for free.