Playbook Fridays: Potential Zoom-related Threats Dashboard

This Dashboard was created to track potential Zoom-related intelligence and indicators as news of Zoom being vulnerable was widely publicized. With many of us working from home these days, and more people at home in general, attackers know they have a much larger number of Zoom users to exploit.

The Zoom-related Dashboard offers a single-pane-of-glass view into potential Zoom-related threats, aggregating all potentially related IOCs and Threat Intelligence products into one easy-to-digest Dashboard for quick analysis. Users can click on a Tag in the Zoom Related Tag card for more information on each Tag.

To create the Dashboard, use the following:

Zoom related tags: tag in ("zoom", "zoom conference", "specified targets: zoom")
Zoom Related Intelligence: (hasGroup( typename = ("Adversary", "Campaign", "Document", "Email", "Event", "Incident", "Intrusion Set", "Report", "Signature", "Task", "Threat") and tag in ("zoom", "zoom conference", "specified targets: zoom")) or tag in ("zoom", "zoom conference", "specified targets: zoom") or summary contains "zoom" or summary contains "zoom conference") and dateAdded > "02-01-2020"
Zoom Related IOCs: (hasGroup( typename = ("Adversary", "Campaign", "Document", "Email", "Event", "Incident", "Intrusion Set", "Report", "Signature", "Task", "Threat") and tag in ("zoom", "zoom conference", "specified targets: zoom")) or tag in ("zoom", "zoom conference", "specified targets: zoom") or summary contains "zoom" or summary contains "zoom conference") and dateAdded > "02-01-2020"
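
An added example, not part of the original post and not ThreatConnect code: a local Python emulation of the filter logic shared by the last two queries, run over constructed records to show which clause selects each one. The record field names, case-insensitive matching, substring semantics for "contains", and reading "02-01-2020" as MM-DD-YYYY are assumptions.

```python
from datetime import date

# Values copied from the dashboard queries on this page.
ZOOM_TAGS = {"zoom", "zoom conference", "specified targets: zoom"}
GROUP_TYPES = {"Adversary", "Campaign", "Document", "Email", "Event", "Incident",
               "Intrusion Set", "Report", "Signature", "Task", "Threat"}
CUTOFF = date(2020, 2, 1)  # assumption: "02-01-2020" is MM-DD-YYYY


def has_zoom_tag(tags):
    # Assumption: tag comparison is a case-insensitive exact match.
    return any(t.lower() in ZOOM_TAGS for t in tags)


def matches(record):
    """Return the clauses that selected the record ([] means not selected)."""
    if record["dateAdded"] <= CUTOFF:
        return []
    reasons = []
    if any(g["type"] in GROUP_TYPES and has_zoom_tag(g["tags"])
           for g in record.get("groups", [])):
        reasons.append("hasGroup")
    if has_zoom_tag(record.get("tags", [])):
        reasons.append("tag")
    # Assumption: "contains" is a case-insensitive substring match, so the
    # 'summary contains "zoom conference"' clause can never add a record
    # that 'summary contains "zoom"' did not already select.
    if "zoom" in record.get("summary", "").lower():
        reasons.append("summary")
    return reasons


# Constructed sample records (not real intelligence); field names are assumed.
SAMPLE = [
    {"summary": "zoom-invite.example", "tags": [], "dateAdded": date(2020, 4, 2)},
    {"summary": "203.0.113.7", "tags": ["Zoom"], "dateAdded": date(2020, 3, 30)},
    {"summary": "198.51.100.9", "tags": [], "dateAdded": date(2020, 4, 1),
     "groups": [{"type": "Report", "tags": ["zoom conference"]}]},
    {"summary": "camera-zoomlens.example", "tags": [], "dateAdded": date(2020, 4, 5)},
    {"summary": "zoom-old.example", "tags": ["zoom"], "dateAdded": date(2020, 1, 15)},
]


def triage(records):
    return {r["summary"]: matches(r) for r in records}


if __name__ == "__main__":
    for summary, why in triage(SAMPLE).items():
        print(f"{summary:28} {why or 'not selected'}")
```

Records selected only by the summary clause, such as the constructed camera-zoomlens.example, are worth an analyst's review before being treated as Zoom-related.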

 

Dashboard as of 4/10/2020

About the Author
ThreatConnect
