EclecticIQ

EclecticIQ Pandemic Intelligence Update - Week 27

Fusion Center June 30, 2020

As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 15th report in a weekly series of updates on important developments in COVID-19-themed attacks.

Key Findings
  • Ransomware attacks on healthcare pose the highest risk to regions that struggle to contain pandemic infection rates.
  • Android users face a high risk of exploitation through malicious COVID-19 apps.
  • Over 200k COVID-19 patient records in Indonesia were exposed as early as May 6, 2020.

Analysis

States and regions with deficient pandemic management practices will very likely experience greater effects from cyberattacks.

A rising number of COVID-19 patients puts additional stress on the resources and infrastructure of healthcare networks, beyond what they are normally accustomed to. Downtime in health network systems caused by malware can affect the intake and processing of patients who could have COVID-19. This increased strain can amplify the effects of cyberattacks on the production environments of health organizations already under pressure during the pandemic. Crozer-Keystone Health System, a health care provider in Philadelphia, US, was hit with Netwalker ransomware. The attack comes just as the US infection rate is spiking for a second period. A statement from a company spokesman claimed incident response may have been successful in preventing a full infection, but the threat actors claim to have exfiltrated some data in the attack.

Threat actors exploit COVID-19 related malicious apps for Android.

EclecticIQ analysts continue to observe more reports of exploitation on Android than on other platforms. The trend is very likely driven by the popularity of the platform, which creates the largest pool of potential victims, and by the growing number of apps being released. New ransomware targeted Android users of Canada’s official COVID-19 tracking app. ESET researchers were able to create and release a decrypter due to flaws in how the ransomware managed its encryption keys. The source code from which the ransomware was developed was released on June 11, 2020 by a separate threat actor.

The decryption tool for the malware can be found here.

The development and release of more COVID-19 tracking apps creates a larger attack surface for threat actors to expose healthcare data.

Personal healthcare data is at higher risk of exposure from breaches of COVID-19-specific health records. Recently, more than 200k personal records of COVID-19 patients in Indonesia were discovered in a dark web repository. The data comprises personally identifiable information (PII): name, address, telephone number, citizenship, diagnosis date, and test result. The timestamps in the data indicate it may have been available by May 6, 2020, but it was not officially reported until June 21. The breach occurred after Indonesia began reporting new peak infection rates as well as record recovery rates. It is possible that a threat actor was motivated to expose the data by inconsistencies in official reporting. The first official COVID-19 patients in Indonesia had their personal info exposed by the President of Indonesia before they knew of their own results, prior to May 6, 2020. The surrounding events call into question how COVID-19 patient data was being stewarded in the first place.
