EclecticIQ

Attacks Target Healthcare Sector, Including COVID-19 Vaccine Research

EclecticIQ Threat Research Team January 14, 2021

Threat Intelligence Update, Week 2 Biweekly Report

Summary of Findings

  • COVID-19 vaccine research will remain a top target for APT groups throughout 2021. Threats to individual health privacy escalate with ransomware attacks against a wider range of medical institutions.

  • U.S. Treasury warns of ransomware using various COVID-19 vaccine lures.

  • Botnets shift attack focus to high-value targets and mass spam.

  • Bitcoin and Ethereum valuation increases will drive more attacks on cryptocurrencies.

  • SolarWinds compromise reporting implicates a single APT actor in a two-stage operation.

  • Separate supply chain attacks show APT groups will continue developing TTPs to compromise trust.

COVID-19 research will remain a top target for APT groups in 2021

Since March 2020, many APT groups have been reported targeting COVID-19 research. This risk will likely increase throughout 2021, as nations roll out vaccine programs and produce further research. The following are some examples:

  • Reporting has implicated the Lazarus APT group in three separate attacks related to COVID-19 research, including one attack on a pharmaceutical company on September 25, 2020, and another on an unnamed government health ministry on October 27.

  • In June 2020, Lazarus also conducted a broad phishing campaign targeting six nations on multiple continents whose governments had announced significant fiscal support for individuals and businesses impacted by the pandemic.

Healthcare-related ransomware attacks increased in 2020 compared to 2019

Reporting from Check Point detailed recent growth trends in healthcare-related ransomware attacks, speculating that attackers are taking advantage of hospitals’ willingness to meet ransom demands in order to avoid disruptions, especially during the COVID-19 outbreak. Canada and Germany saw the greatest increase in these attacks, and Europe, East Asia, and Latin America were the regions most affected. It is unlikely that these trends indicate selective adversary targeting. Rather, the data very likely reflect variations in information security practices across different nations.

Ransomware operators use photos to escalate threats to patient privacy

After the recent compromise of a plastic surgery clinic, attackers threatened to release before-and-after photos of its celebrity patients. In a similar attack, a hacker threatened to reveal sensitive mental health records, in this case going directly to the patients to extort payment.

U.S. Treasury warns of high risk for ransomware using COVID-19 vaccine lures

According to the Financial Crimes Enforcement Network, threat actors will almost certainly increase attacks on financial institutions using varying COVID-19 vaccine lures to distribute a range of malware. Related attacks have already been detected. The greatest risk is very likely ransomware, and the greatest impact could be disruption and denial/degradation of services. The lures, which are applicable to anyone, are likely to attract special attention and cause anxiety that threat actors will leverage to their advantage for initial delivery of commodity malware. Risk very likely extends beyond the financial sector.

Multiple threat actors focus attacks on high-value targets using Emotet and mass spam

A new Emotet campaign that likely began in December 2020 targeted systems in Lithuania at the National Center for Public Health (NVSC) and in several municipalities. The Lithuanian attack used phishing to deliver the malware to people involved in coordinating the pandemic response. Concurrently, Emotet was reported to be in use in a generic mass spam campaign.

Historically, Emotet has used simple spam to target a broad range of victims. But over the past year, EclecticIQ analysts observed threat actors developing highly specific TTPs with Emotet; one instance was a targeted attack on the United Nations. The most recent operations use multiple TTPs, both generic and targeted, over a short period. This trend indicates Emotet developers are diversifying the types of threat actor groups they partner with to co-opt attacks.

Jump in cryptocurrency valuation expected to drive more attacks

EclecticIQ analysts have high confidence that threat actors will advance attacks against cryptocurrency wallets and brokers, following stunning valuation increases in Bitcoin (BTC) and Ethereum (ETH). A recent attack used fake companies in social engineering efforts to persuade victims to give up information and compromise their accounts. Meanwhile, the U.S. Office of the Comptroller of the Currency has announced federal support of blockchain-based cryptocurrency, possibly expanding financial opportunities for threat actors.

Reporting on SolarWinds supply chain compromise implicates single APT group in a two-stage operation using at least four malware families

U.S. law enforcement and intelligence agencies reported the campaign was almost certainly espionage and is “likely Russian in origin.” Further analysis indicates it is probable that only a small fraction of SolarWinds customers in the United States received further infiltration by the APT group. The remaining customers who downloaded the initial trojanized SolarWinds application may have been subject to extensive reconnaissance but did not receive the same second-stage payloads.

APT groups will continue developing TTPs focused on supply chain attacks

The North Korean APT group Thallium exploited and trojanized a private stock investment messaging application in a software supply chain attack targeting financial information. The attack produced a shell on victim systems and exfiltrated data over an FTP channel. The objectives of the attack are still unclear, but it provided a high level of access to victims and possibly to proprietary information.

This blog is part of an ongoing series of biweekly intelligence updates from EclecticIQ. Each blog covers the latest cybersecurity news, industry trends, and current and emerging threats based on our experts’ interpretation of data and other source materials. We may provide updates on the COVID-19 pandemic situation as well.

© 2014 – 2024 EclecticIQ B.V.