EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Pandemic Intel week 41: Shifts in E-Commerce Patterns Increases Opportunity for Malware

Fusion Center October 5, 2020

EclecticIQ Pandemic Intelligence Update week 41

Key Findings
  • Ransomware operators targeting healthcare organizations disrupt patient services.
  • Individuals on social media are at high risk from high-volume spam attack patterns that spoof financial support programs.
  • Changes in e-commerce patterns driven by lockdowns increase the opportunity for cyberattacks using commodity malware.

Analysis

Ransomware Attacks on Healthcare Are Disrupting Services to Patients.

Threat actors attacked Universal Health Systems (UHS), a service provider to 400 hospitals and healthcare facilities in the U.S. and the U.K., reportedly with a variant of Ryuk. Staff in North Dakota and Arizona reported that their systems were impacted as a result of the main UHS attack. The Arizona location reported being unable to access medication information, which greatly impacted operations. The total number of victims is expected to be much greater.

An unreported ransomware variant caused a portion of IT systems at the Ashtabula County Medical Center in the U.S. to shut down. Nebraska Medical reduced operations to “pen and paper” after a separate attack, which is very likely ransomware based on a recently disclosed consultation with independent experts. The hospital is reported to have reduced and reprioritized appointments as a result. Further details of the attacks have not been published at the time of writing.

The REvil, NetWalker, Pysa (Mespinoza), and SunCrypt ransomware variants were also recently used in attacks on other healthcare victims. All of these ransomware variants exfiltrate data prior to encryption, presenting a high risk to patient data and proprietary research. REvil and NetWalker are both variants that employ Big Game Hunting TTPs (Tactics, Techniques, and Procedures).

Cyber insurance reports indicate that ransomware threats to healthcare have a high success rate. In the first half of 2020, ransomware represented 41% of claims as measured by one insurance organization. Many incidents are not widely reported. Ransomware attacks against healthcare during the pandemic have been successful and will continue.

Threat Actors Exploit Independent-Led Financial Support Programs For Financial Gain.

Recent attacks used the Facebook, WhatsApp and Telegram messaging platforms in concert to target individuals with spam for fraud. The campaign is based on an actual financial support program that Facebook is directing towards small businesses. The attacks claim that individuals who have had COVID-19 are eligible for financial support packages.

Earlier in 2020, EclecticIQ analysts reported that threat actors had started exploiting government support programs designed to help citizens via financial relief in response to COVID-19 economic impacts. Similar independent-led efforts that advertise using social media face a very high risk of attack because such platforms expose attacks to greater pools of victims. Attackers take advantage of user content sharing features and also use email as a delivery vector.

Shifts In E-commerce And Contactless Payment Increase Opportunity For Cyberattacks.

A reduction in cash payments creates further incentives for e-commerce cyberattacks; specifically, credential compromise and POS malware. Trends during the pandemic indicate organizations are shifting to eliminate cash payments in favor of contactless card payments. A large reduction in cash payments necessitates a greater volume of e-commerce transactions. The increase in e-commerce volume expands the attack surface that threat actors can hook into using different e-commerce TTPs to exploit individuals for fraud. If increased e-commerce traffic provides cybercriminals with more compromised account information from e-commerce exploitation, it is possible that the growth in online payments will increase the prevalence of mobile banking trojan use, as cybercriminals key into the additional opportunities presented by higher volumes of e-commerce transactions.

As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 29th report in a weekly series of updates to inform of important developments to COVID-19-themed attacks.

© 2014 – 2024 EclecticIQ B.V.