EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.


Pandemic Intel week 40: NCSC UK Alerts Education Sector on High Risk Ransomware

Fusion Center September 28, 2020

EclecticIQ Pandemic Intelligence Update week 40

Key Findings

  • High risk that Big Game Hunting TTPs will increase in ransomware attacks directed at Education.
  • A growth in data repositories since the start of the pandemic increases the risk to important and sensitive data.
  • Info-stealers and remote access malware are currently the most used malware types in pandemic-related phishing attacks.

Analysis

The NCSC UK Issues An Alert To The Education Sector Regarding High Risk Of Ransomware Attacks.

Schools globally are particularly vulnerable right now to disruptive attacks such as ransomware. The pandemic creates uncertainty for schools. IT operations in education may be more stressed due to increased demand for remote learning environments and new ways of working. Hartford Public Schools in the US was most recently forced to shut down on September 8th due to ransomware. Maze ransomware is a current and prominent family spreading within US education.

Big Game Hunting (BGH) Tactics, Techniques, And Procedures (TTPs) Are Highly Likely To Continue Spreading To Education.

BGH attack patterns involve more dwell time on the target network, with extended exploitation and lateral movement to critical systems and data. One current and active group was recently highlighted: OldGremlin. The threat actor group is currently targeting organizations in Russia with BGH TTPs; its targets have included medical labs, banking, manufacturing, and software industries. It is highly likely that BGH ransomware TTPs will continue to spread to Education.

Growth Of Data Use And Storage Under New Ways Of Working During The Pandemic Increases The Risk To Important And Sensitive Data.

General data stewardship practices have deteriorated as a result of increased remote work support and collaboration, which has left data stored in more locations with poorer security controls. The greatest issue is the lack of security controls over extended remote networks, which diminishes the ability to direct data over appropriate (secure) channels. Remote work infrastructure, and the employees using that expanded infrastructure, are at greater risk of attack than those working on normal internal office networks because of differences in security implementation.

Individuals And Organizations Are Currently Most Exposed To Information Stealers And Remote Access Trojans.

Two reports confirm that both malware types top the current threats that use phishing as a delivery vector. Phishing with COVID-19-themed lures remains one of the most popular delivery vectors. Group-IB detected the most attacks spoofing Web Services, whose use has increased as a result of the pandemic. The malware trend is driven by cybercriminals attempting to monetize personal data and/or exploit banking information during the pandemic and the changes it has brought to individuals' ways of living and working.

As Europe's leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 28th report in a weekly series of updates to inform readers of important developments in COVID-19-themed attacks.


© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.