EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Common Attack Patterns Still Feature in Modern Cyberattacks

Organizations of all types are most likely to improve their metrics and cyber defense by focusing on the tactics and techniques featured in common threats and attack patterns rather than on cutting-edge cyberattacks.

EclecticIQ Threat Research Team September 27, 2022


Synopsis

The Analyst Prompt Issue #18 briefly explores the hype around zero-day vulnerabilities and argues that organizations improve their metrics and cyber defense more by focusing on the tactics and techniques featured in common threats and attack patterns than by chasing cutting-edge cyberattacks. As an example of the value of strong fundamentals, we contrast the initial reports about the Uber breach with an analysis of current trends in zero-day use in cyberattacks.

Key Infrastructure and Critical Vulnerabilities: Zero-Day Software Vulnerabilities Remain High Profile, but are Not a Factor in the Majority of Successful Cyberattacks

Zero-day exploits have come under increased scrutiny after commercial surveillance and exploit vendors including FinFisher, the NSO Group, Hacking Team, and others demonstrated a growing market for custom, paid-for exploits. As more of the world is connected, the potential impact of a single zero-day keeps growing. At the end of August, VX Underground reported a new iOS remote code execution vulnerability included in an exploit package listed for sale for 8 million dollars by a new Israeli company named Intellexa (1). Governments, cybercriminals (especially ransomware syndicates), and a growing population of private organizations and grey-hat hackers participate in markets for zero-day exploits (2, 3, 4).

Low-Touch (Including Zero-Click) Exploits for Popular Software Command the Highest Prices

Current trends indicate a possible shift in demand towards Android exploits, although exploits for Apple platforms still command higher prices. New VPN vulnerabilities remain highly sought after, and ransomware syndicates are among the most frequent buyers. The market for highly sophisticated exploits is likely to remain geographically localized and relatively constrained to distinct regions. One theory is that demand is driven by exclusive relationships with local government buyers who stockpile zero-days for use against their own regional targets; in this theory, secrecy and hoarding have the side effect of limiting wider spread of each exploit (5). There is no consensus on which government is the biggest buyer of zero-days: one source argues the US government is very likely the largest acquirer of zero-day vulnerabilities (6, 7), while another report found that China-linked groups exploited the most zero-days in the wild in 2021 (8), which measures use rather than purchase. Despite their high profile, zero-day vulnerabilities remain sequestered and reserved for a very small number of cyberattacks.

Threat Actor Update: Publicly Available Evidence Supporting Uber Cyberattack Attribution to Lapsus$ is Lacking

Uber announced in mid-September that it had suffered a security breach. On its website, Uber attributed the attack to the cybercriminal group Lapsus$ (9). Attribution of a cyberattack can be challenging, and sufficient detail for firm attribution is often lacking. It is too early in the Uber investigation for analysts outside Uber to perform an adequate, detailed analysis of the TTPs (tactics, techniques, and procedures) involved. Lapsus$ is an amorphous cybercriminal group that very likely consists of members who drop in and out frequently, which makes reliable attribution to the “group” challenging. The group has not demonstrated consistent TTPs in prior known cyberattacks that would help independent analysts easily attribute the Uber attack to Lapsus$.

The Latest Cyberattack Against Uber Showcases the Low-Sophistication Access Typical of Most Modern Cyberattacks

If exposure of account credentials, which is common, was enough to produce such a high-profile and successful attack, then a weak MFA (multi-factor authentication) implementation may point to wider security issues at Uber and at other companies that place high trust in controls such as MFA. Not all second factors are equal: a one-time code typed into a page can be phished and relayed in real time, because nothing about the code is tied to the site that asked for it. A hardware security key (FIDO2/WebAuthn) instead signs a per-login challenge together with the origin the browser is actually talking to, so a credential captured on a look-alike site is useless against the genuine one; such a key could have significantly mitigated the consequences of the initial account compromise.
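To make that difference concrete, the following is an added example (not code from the original post or from EclecticIQ) that simulates a real-time phishing relay against both factor types: an RFC 6238 TOTP code, which the real service accepts because it cannot tell where the code was typed, and a FIDO2-style security-key assertion, which is scoped to the genuine origin and so cannot be obtained on the look-alike site at all. The two origins are constructed placeholders, an HMAC stands in for the ECDSA signature a real key would produce, and the relying-party checks (origin, single-use challenge, signature) follow the WebAuthn assertion flow.

```python
# Added example (not EclecticIQ's code): a relayed one-time code is accepted, an
# origin-bound security-key assertion is not. Stdlib only; HMAC stands in for the
# ECDSA signature a real FIDO2 key would produce (simplifying assumption).
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://sso.rideshare.test"   # constructed relying-party origin
PHISH_ORIGIN = "https://sso-rideshare.test"  # constructed look-alike attacker origin


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HMAC-SHA1 over the time counter with RFC 4226 dynamic truncation.
    The code depends on (secret, time) only; nothing ties it to a site."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TotpService:
    """Relying party that checks the code but cannot tell which page collected it."""
    def __init__(self, secret: bytes) -> None:
        self.secret = secret

    def login(self, code: str, now: int) -> bool:
        return hmac.compare_digest(code, totp(self.secret, now))


def phish_totp(now: int = 1_663_200_000) -> bool:
    """Adversary-in-the-middle: the victim types the code into a look-alike page and
    the attacker forwards it to the real service inside the same 30 s window."""
    seed = b"12345678901234567890"           # RFC 6238 test secret, shared with the app
    service = TotpService(seed)
    stolen_code = totp(seed, now)            # what the victim's authenticator app showed
    return service.login(stolen_code, now)   # True: the relay is accepted


def rp_id_of(origin: str) -> str:
    """Browsers scope a credential to the origin's host (the relying-party ID)."""
    return origin.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]


class SecurityKey:
    """Hardware authenticator: one non-exportable key per RP ID."""
    def __init__(self) -> None:
        self._keys = {}

    def register(self, origin: str) -> bytes:
        self._keys[rp_id_of(origin)] = secrets.token_bytes(32)
        return self._keys[rp_id_of(origin)]  # stands in for the public key the RP stores

    def get_assertion(self, browser_origin: str, challenge: str) -> tuple[bytes, bytes]:
        rp_id = rp_id_of(browser_origin)     # set by the browser, not by the page or the user
        if rp_id not in self._keys:
            raise LookupError(f"no credential scoped to {rp_id}")
        client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                                  "origin": browser_origin}, sort_keys=True).encode()
        signed = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data).digest()
        return client_data, hmac.new(self._keys[rp_id], signed, hashlib.sha256).digest()


class FidoService:
    """Relying party: one-time challenges, origin check before signature check."""
    def __init__(self, origin: str, pub_key: bytes) -> None:
        self.origin, self.pub_key, self._pending = origin, pub_key, set()

    def challenge(self) -> str:
        value = secrets.token_urlsafe(32)
        self._pending.add(value)
        return value

    def login(self, client_data: bytes, signature: bytes) -> bool:
        data = json.loads(client_data)
        if data.get("type") != "webauthn.get" or data.get("origin") != self.origin:
            return False                     # produced for another origin: reject
        if data.get("challenge") not in self._pending:
            return False                     # replayed or never issued
        self._pending.discard(data["challenge"])
        signed = (hashlib.sha256(rp_id_of(self.origin).encode()).digest()
                  + hashlib.sha256(client_data).digest())
        return hmac.compare_digest(signature, hmac.new(self.pub_key, signed, hashlib.sha256).digest())


def legit_fido() -> bool:
    key = SecurityKey()
    service = FidoService(REAL_ORIGIN, key.register(REAL_ORIGIN))
    return service.login(*key.get_assertion(REAL_ORIGIN, service.challenge()))  # True


def phish_fido() -> bool:
    """Same relay against the key: the attacker forwards the genuine challenge, but
    the victim's browser is on the look-alike origin, so no usable assertion exists."""
    key = SecurityKey()
    service = FidoService(REAL_ORIGIN, key.register(REAL_ORIGIN))
    challenge = service.challenge()          # fetched from the real site by the attacker
    try:
        client_data, signature = key.get_assertion(PHISH_ORIGIN, challenge)
    except LookupError:
        return False                         # no credential for that domain: nothing to relay
    return service.login(client_data, signature)  # would fail the origin check anyway
```

Running the block, `phish_totp()` returns True and `phish_fido()` returns False. The order of checks in `FidoService.login` matters in practice as well: type and origin first, then the single-use challenge, then the signature, so a relayed or replayed assertion is rejected before any key material is consulted.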

Zero-Days Simply Aren’t Used in Many Cyberattacks and So Remain Uncommon Threats

The Uber attack is more representative of the type of cyberattack most organizations are likely to experience. While today's many technologies and network types give threat actors a large attack surface, EclecticIQ analysts observe that the many parties seeking to monetize stolen data still most commonly compromise networks by relying on failures in basic information security practice rather than on complicated zero-day exploits. Beyond sound MFA deployment and enforcement, businesses of all sizes should build multilayered security throughout the network and assume in their threat model that initial compromise will occur. Networks should incorporate zero-trust practices and integrated XDR capabilities that reach endpoints for immediate mitigation.

About EclecticIQ Intelligence & Research Team

EclecticIQ is a global provider of threat intelligence, hunting, and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence & Research Team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research towards your priority area.

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.

TAXII v1 Discovery services: https://cti.eclecticiq.com/taxii/discovery

Please refer to our support page for guidance on how to access the feeds.
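As an added example of what a TAXII 1 discovery exchange with such an endpoint looks like (this is not EclecticIQ's own client code, and the response shown is not a capture of the real service), the following standard-library Python builds a Discovery_Request, sends it with the headers the TAXII 1.x HTTPS binding requires, and parses the Discovery_Response into the advertised service instances; it also builds a Poll_Request for a named collection. The sample response is constructed and uses an example host; only the discovery URL comes from this page. Any authentication the feed requires is outside this example and covered by the support page referenced above.

```python
# Added example, not EclecticIQ's code: a TAXII 1.1 Discovery exchange built and
# parsed with the standard library. SAMPLE_RESPONSE is a constructed sample, not a
# capture of the EclecticIQ service; only DISCOVERY_URL comes from the page.
from __future__ import annotations

import urllib.request
import uuid
import xml.etree.ElementTree as ET

TAXII_NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
DISCOVERY_URL = "https://cti.eclecticiq.com/taxii/discovery"
ET.register_namespace("taxii_11", TAXII_NS)


def taxii_headers() -> dict[str, str]:
    """Headers the TAXII 1.x HTTPS binding expects on every request."""
    return {
        "Content-Type": "application/xml",
        "Accept": "application/xml",
        "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1",
        "X-TAXII-Accept": "urn:taxii.mitre.org:message:xml:1.1",
        "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
        "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
    }


def discovery_request(message_id: str) -> bytes:
    """Discovery_Request: an empty element carrying only a message_id."""
    root = ET.Element(f"{{{TAXII_NS}}}Discovery_Request", {"message_id": message_id})
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def poll_request(collection_name: str, message_id: str) -> bytes:
    """Poll_Request for a whole collection (FULL content, synchronous reply)."""
    root = ET.Element(f"{{{TAXII_NS}}}Poll_Request",
                      {"message_id": message_id, "collection_name": collection_name})
    params = ET.SubElement(root, f"{{{TAXII_NS}}}Poll_Parameters", {"allow_asynch": "false"})
    ET.SubElement(params, f"{{{TAXII_NS}}}Response_Type").text = "FULL"
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def parse_discovery_response(body: bytes, in_response_to: str | None = None) -> list[dict]:
    """Return one dict per advertised Service_Instance. For a feed you do not
    control, parse with defusedxml rather than plain ElementTree."""
    root = ET.fromstring(body)
    if root.tag != f"{{{TAXII_NS}}}Discovery_Response":
        raise ValueError(f"unexpected root element {root.tag}")
    if in_response_to is not None and root.get("in_response_to") != in_response_to:
        raise ValueError("in_response_to does not match the message_id we sent")
    services = []
    for inst in root.findall(f"{{{TAXII_NS}}}Service_Instance"):
        address = inst.findtext(f"{{{TAXII_NS}}}Address", "")
        services.append({
            "type": inst.get("service_type"),
            "available": inst.get("available", "true").lower() == "true",
            "address": address,
            "tls": address.startswith("https://"),  # never poll intel over plaintext
            "protocol": inst.findtext(f"{{{TAXII_NS}}}Protocol_Binding", ""),
            "message_binding": inst.findtext(f"{{{TAXII_NS}}}Message_Binding", ""),
        })
    return services


def discover(url: str = DISCOVERY_URL, timeout: float = 15.0) -> list[dict]:
    """Live round trip (needs network); everything else in this block runs offline."""
    message_id = uuid.uuid4().hex
    req = urllib.request.Request(url, data=discovery_request(message_id),
                                 headers=taxii_headers(), method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_discovery_response(resp.read(), in_response_to=message_id)


# Constructed sample reply (example host), shaped like a TAXII 1.1 Discovery_Response.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<taxii_11:Discovery_Response xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
    message_id="9001" in_response_to="1">
  <taxii_11:Service_Instance service_type="DISCOVERY" service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>https://taxii.example.test/taxii/discovery</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
  <taxii_11:Service_Instance service_type="POLL" service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>https://taxii.example.test/taxii/poll</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
  <taxii_11:Service_Instance service_type="INBOX" service_version="urn:taxii.mitre.org:services:1.1" available="false">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:http:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>http://taxii.example.test/taxii/inbox</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
</taxii_11:Discovery_Response>
"""

if __name__ == "__main__":
    for svc in parse_discovery_response(SAMPLE_RESPONSE, in_response_to="1"):
        print(svc["type"], svc["address"], "available" if svc["available"] else "unavailable")
```

The offline path is `parse_discovery_response(SAMPLE_RESPONSE, in_response_to="1")`; `discover()` performs the live round trip against the URL above. Checking `in_response_to` against the `message_id` you sent is cheap protection against a stale or mismatched reply, and the `tls` flag is there because a service advertised over plain HTTP should be refused rather than polled. EclecticIQ's open-source TAXII client, cabby, wraps this same exchange if you would rather not hand-build the XML.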

Appendix

  1. https://securityaffairs.co/wordpress/134962/malware/surveillance-firm-intellexa-offer.html
  2. https://techmonitor.ai/cybercrime-future/zero-day-vulnerability-exploit-spyware
  3. https://www.techtarget.com/searchsecurity/news/252508220/Burned-by-Apple-researchers-mull-selling-zero-days-to-brokers
  4. https://securityaffairs.co/wordpress/124690/cyber-crime/zero-day-exploit-markets.html
  5. https://www.lawfareblog.com/hack-global-buy-local-inefficiencies-zero-day-exploit-market
  6. https://jia.sipa.columbia.edu/online-articles/healey_vulnerability_equities_process
  7. https://securityaffairs.co/wordpress/14561/malware/zero-day-market-governments-main-buyers.html
  8. https://www.mandiant.com/resources/blog/zero-days-exploited-2021
  9. https://www.uber.com/newsroom/security-update/

© 2014 – 2022 EclecticIQ B.V.