EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

EclecticIQ Pandemic Intelligence Update - Week 24

Fusion Center June 9, 2020

EIQ_corona_FC_CTI_report_blogimage24As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis.

This is the twelfth report in a weekly series of updates to inform of important developments to COVID-19-themed attacks.

Key Findings
  • Multiple reports indicate attack volume is decreasing from peak activity since the start of the pandemic.
  • Threats to the workforce are changing as lockdowns ends.
  • Pre-pandemic risks are likely to retake center-stage.
Analysis

Data Indicates Threat Actors Are Launching Attacks in Less Volume

Pandemic related lockdown, in many places, is starting to deescalate. Threats are very likely to shift back to similar patterns prior to the pandemic. Checkpoint data suggests that attacks from high-volume attacks are currently increasing in the short term, as employees return to more normal working conditions. The data from Checkpoint and other data trends indicate that overall attack volume is still decreasing in a larger downward trend, relative to peak activity since the start of the pandemic.

Peak attack volume featuring commodity malware occurred approximately across mid-March to early May. Threat Coalition data also supports this peak-range. Checkpoint’s data shows that in the last week, 2.5% of newly registered domains expressing COVID-19 themes were malicious and an additional 16% of the total were “suspicious”. The ratio of malicious COVID-19 themed domains appears to be sliding below rates observed earlier that were closer to 12%. Domain measurement provides a limited window into the most common and highest volume attacks.

New TTPs (Tactics, Techniques, and Procedures)

The same Checkpoint report highlights that threat actors are keying into further opportunities presented by the transition of employees back to more normal working environments. Threat actors are using medical-leave and job opportunity lures in campaigns. The lures do not employ special TTPs (Techniques, Tactics, and Procedures), but are designed to cast a wide net and take advantage of people who are newly looking for work. Unemployment is higher in many countries now. Other people are looking for a method to continue their remote work opportunity.

A vulnerability, CVE-2020-6110, was recently disclosed publicly regarding Zoom clients. Since at least the middle of April the vulnerability allowed threat actors to inject arbitrary executable files via Zoom clients to achieve remote code execution. The vulnerability is relatively easy to exploit and requires minimal tooling. The vulnerability was patched in Zoom version 4.6.12 and is not reproducible in 5.0.1, released on April, 30th.

Screenshot 2020-06-08 at 13.00.45The graph above demonstrates the attack patterns described so far for this vulnerability.  Threat intelligence enables organizations to track how attack patterns (TTPs) may change with time across a vulnerability.

Another new attack reported to be effective involves the use of attaching voicemails to enterprise emails. Threat actors spoof the sender and file names to deceive security controls and end-users. The attacks are only effective against companies with existing PBX deployments that automatically incorporate voicemails into emails. They are aimed at compromising credentials using different command and control landing pages that victims are directed to. The attacks can be easily adapted to many companies and victims. 

Long-term Risks Are Unlikely to Change From the Pandemic

After the transition away from the working environment induced by the pandemic the Information Security Forum (ISF) expects threats to remain unchanged from what was highlighted in their 2020 report - published before the pandemic began. The pandemic has failed to produce enduring TTPs and EclecticIQ analysts have not observed TTPs that have a lasting impact on threat actor operations. The full risk report from the ISF can be downloaded here. The Information Security Forum is a widely respected independent global community established in 1989 and focused on knowledge exchange.

Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

3 more posts you might like

All Blog Posts (33)

Explore all topics

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo