EclecticIQ
Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Pandemic Intel week 42: Ransomware Disrupts Clinical Trial Software Supply Chain in The US

Fusion Center October 12, 2020

EclecticIQ Pandemic Intelligence Update week 42

Key Findings

  • Ransomware may have impacted COVID-19 vaccine research progress in the US.
  • Advanced attacks using employee benefit lures target organizations and individuals.

Analysis

Ransomware Disrupts Clinical Trial Software Supply Chain in The US.

eResearchTechnology fell victim to a Ryuk ransomware variant in an attack beginning September 20 that affected software used in many clinical trials. The attack is reported to have slowed progress in some clinical trials over the past two weeks. Healthcare entities impacted include some participating in COVID-19 vaccine research. The attack allegedly did not succeed in stealing data from eResearchTechnology or any clinical trial sites, owing to effective incident response after the initial compromise, during the exploitation phase of the kill chain.

Individuals and Organizations Are at Increasing Risk of Attacks Using Employee Benefit Lures.

The OceanLotus APT group, with alleged links to Vietnam, used generalized employee benefit informational email attachments to phish victims in the Southeast Asia region. The attacks are notable because the attackers inject data into Windows Error Reporting, which lets them obfuscate further malicious actions very effectively. The lure content and design are not highly tailored, indicating the campaign is likely opportunistic in nature. The lure is applicable to a wide audience in the region.

Cybercriminals are targeting employee relief efforts in Canada to harvest banking credentials and personal information. The attacks use well-detailed lures spoofing the CERB (Canada Emergency Response Benefit). The emails redirect users to interactive landing pages where their banking credentials and other personal information are harvested.

Another attack, orchestrated by unidentified threat actors, used email lures purporting to come from the IRS (Internal Revenue Service) with a malicious attached document about COVID-19 relief funds. The campaign leveraged a compromised SharePoint account and server to increase the legitimacy of the spoofed emails and bypass security warnings. The SharePoint form asks for email credentials, Social Security numbers, driver's license numbers, and tax ID numbers. The attention to SharePoint resources likely indicates that the attack was aimed at larger organizations or enterprises.

The examples above all include TTPs of relatively high sophistication in at least one kill-chain phase. APT groups as well as more common cybercriminals are exploiting pandemic-driven economic uncertainty to make specific lures more effective, attacking both individuals and organizations for personal information, proprietary information, and unauthorized access to internal networks. The economic uncertainty and remote work created by the pandemic are likely key drivers for these and similar attacks.

As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 30th report in a weekly series of updates on important developments in COVID-19-themed attacks.

© 2014 – 2021 EclecticIQ B.V.