Latest Threat Intelligence (January 25th, 2021)

Microsoft has released the January 2021 Threat Intelligence update package. The package is available for download from the Azure Defender for IoT portal (click Updates, then Download file).

 

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. 

 

What does the Threat Intelligence (TI) package include?

The January Threat Intelligence package includes the latest detections for the SolarWinds Orion breach. More than a month after the discovery of Solorigate, investigations continue to unearth more details of the second-stage exploitation:

  1. Detections for the Sunburst, Supernova and Raindrop backdoors.
  2. Payloads associated with these backdoors – indicators for use of the FireEye red-team tools and Cobalt Strike payloads.

For more information, go to Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop - Microsoft Security (https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/)

 

In addition, the package also includes the latest CVE publications applicable to IoT/ICS/OT networks.

We highly recommend that you deploy the latest TI package!

 

Update your system with the latest TI package:

The package can be downloaded from the Azure Defender for IoT Portal, Updates page.

 

To update a package on a single sensor:

  1. Go to the Azure Defender for IoT Updates page.
  2. Download and save the Threat Intelligence package.
  3. Sign into the sensor console.
  4. On the side menu, select System Settings.
  5. Select Threat Intelligence Data, and then select Update.
  6. Upload the new package.

To update a package on multiple sensors simultaneously:

  1. Go to the Azure Defender for IoT Updates page.
  2. Download and save the Threat Intelligence package.
  3. Sign into the management console.
  4. On the side menu, select System Settings.
  5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
  6. In the Select Threat Intelligence Data section, select the plus sign (+).
  7. Upload the package.

For more information, please review Update threat intelligence data | Microsoft Docs (https://docs.microsoft.com/en-us/azure/defender-for-iot/how-to-work-with-threat-intelligence-packages)

 

Ahi Booganim, Azure Defender for IoT, Senior Program Manager

@arielsgv, Azure Defender for IoT, Senior Program Manager
