EclecticIQ

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

EclecticIQ Pandemic Intelligence Update - Week 28

Fusion Center July 6, 2020
As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 15th report in a weekly series of updates to inform of important developments to COVID-19-themed attacks.

Key Findings
  • Rising RDP attack volume supports further high-impact malware delivery to compromised networks.
  • Threat actors seek to compromise employee credentials with COVID-19 testing lures increasing risk for employers.
  • The release of wearable COVID-19 tracking technology expands the available attack surface for COVID-19 health information and Personally Identifiable Information.
Analysis

Increasing attack volume targeting Remote Desktop Protocol (RDP) creates high risk for companies using RDP to regulate remote endpoints.

Brute force attacks targeting RDP systems have continued to increase since the beginning of the pandemic, data from ESET shows. Attacks on RDP carry the risk of threat actors penetrating internal networks to serve further malware with elevated privileges and pivot to other systems. In our update posted the first week of May 2020, EclecticIQ analysts alerted readers to rising RDP attacks. The new data from ESET shows that attacks against RDP systems have since continued increasing in a linear trend.

The US currently represents the largest pool of offending IP addresses by volume.

Tracing attack origin to the US means that threat actors are compromising more systems located there. RDP attacks began to rise sharply and departed from parallel trends with other countries in the first week of April 2020. RDP attacks provide access to internal networks that enable further attacks.

Coveware data shows that RDP attacks are the leading enabler of ransomware delivery by a large margin, compared to other popular methods. Maximizing password length and multi-factor authentication are the most effective mitigations.

Graph Analysis of attack patterns
A graph analysis of attack patterns using MITRE technique 1110 – Brute Forcing (center). More recent attack patterns on the left are compared to historical brute forcing attack patterns on the right.

Organizations risk further attacks that result from employee credential compromise.

Employees are at increased risk of credential exposure from phishing attacks designed to exploit businesses in transition from lockdowns. Cybercriminals are targeting employees with phishing emails that spoof Coronavirus training resources. The emails target enterprises and lure victims to registration links for COVID-19 safety trainings that redirect to a credential harvesting page. The credentials can then be used to penetrate the internal network to which the employee belongs.

The same report shows a gradual continuing trend of generalized high-volume attacks decreasing from relative peaks in March 2020. Most of the European region, with the exception of Eastern Europe, is experiencing significantly fewer attacks in recent weeks. The trend indicates that the most common types of attacks are steadily falling across the region and is likely reflective of the global trend.

Organizations face threats from fraud-based attacks against employees using company owned systems for ecommerce.

Growing activity involving fraudulent testing kits advertised online, combined with people admitting to shopping online using company resources, will increase risk to many organizations. The FBI alert on bad testing kits follows widespread reporting of testing shortages in May 2020, as many nations were de-escalating lockdowns. Currently, online test kit fraud is centered in the US, but similar activity is very likely to spread to other nations that report large testing shortages.

COVID-19 contact tracing wearables increase risk of PII (personally identifiable information) exposure

The introduction of COVID-19 tracing technology alongside mobile phones and their apps will very likely expand the attack surface available to threat actors. Singapore is the first nation to widely implement a wearable technology. Wearables provide users with less control over their data. The design is often not open-source, not transparent, and the devices often cannot be turned off. PII data can be used in a variety of further cyberattacks.
