EclecticIQ
EclecticIQ Pandemic Intelligence Update - Week 29

Fusion Center July 13, 2020

As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 17th report in a weekly series of updates to inform readers of important developments in COVID-19-themed attacks.

Key Findings

  • A recently developed ransomware sample with advanced capabilities targeted a preconfigured hospital network.
  • Threat actors spoofing contact tracing programs risk subversion of official contact tracing programs.
  • Money mule schemes exploiting abundant unemployed or underemployed individuals during the pandemic help drive further illicit activity and larger cybercriminal networks.

Analysis

Ransomware-as-a-Service Continues to Threaten Healthcare

An EKANS ransomware sample dated May 2020 targeted Fresenius Healthcare using brokered access, which validates that RaaS remains a risk to healthcare. The variant attempted to validate a Fresenius subdomain and pivot to a domain controller using a preconfigured internal IP address. The malware’s hardcoded internal IP address suggests that the threat actors purchased compromised access to the subdomain from another group or individual on a malware marketplace.

It cannot be ruled out that the EKANS operators purchased network details of Fresenius from someone who previously compromised the network, based on the current growing trend of brokering access to compromised accounts and networks on dark marketplaces. FXMSP, believed to be a single threat actor, specialized in gaining and distributing access to compromised systems all over the world. EKANS was first described by Dragos after the family first emerged in mid-December 2019.

[Figure: TTP-level analysis of targeting by recent EKANS ransomware variants.]

Government Contact Tracing is at Risk of Subversion by Scam Operations

Imposter COVID-19 tracing scams, involving unprompted voice and email solicitations designed to coerce individuals into providing personally identifiable information or money, could undermine official programs. The Financial Crimes Enforcement Network, based in the United States, issued an advisory regarding COVID-19 scams and money-mule activity. Government contact tracing efforts are ongoing in many nations and more people are likely to expose their information in these imposter scam attacks.

Money-Mule Schemes Targeting Remote Workers and the Unemployed Incentivize Criminal Networks and Support Further Operations

Threat actors target people out of work or looking for further work to be complicit or unknowing participants in money-mule schemes. Negative economic trends brought on by the pandemic are causing more people to look for alternative sources of income. Authorities detected many different types of schemes. ‘Work-from-home’ and unemployment insurance fraud represent two schemes directly related to the pandemic. Money mule schemes provide low barriers to entry and help to subsidize criminal networks for further operations. Money mule schemes exploit financial systems and put participants at high risk for detention.

COVID-19 Themed Phishing Attacks Against Enterprise Office365 Accounts Remain a Very High Risk

Recent Office365 attacks using COVID-19-themed lures have been tied to separate BEC (Business Email Compromise) and APT activities that targeted high-level business officials in 62 countries. The attacks are designed to harvest Office365 account credentials for further network penetration. The attacks were first observed by Microsoft in December 2019 and have since increased in quantity. The command and control TTPs spoof actual Microsoft infrastructure. Microsoft worked with law enforcement to take down the command and control networks.
