EclecticIQ
Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Network Environment-Focused Conversations Needed in Approaches to Cyber Security

This Analyst Prompt examines key differences in network environments and threat actor approaches, and how centralizing intelligence better prepares an organization in the quantum computing world.

EclecticIQ Threat Research Team, August 18, 2022

Exploit Tools and Targets: Enhance Third-Party Risk Management to Mitigate Multi-Targeted Approach

Third-party attacks, or supply chain attacks, occur when trusted software, a vendor, or other external company property or personnel falls victim to a cyber-attack that may directly impact the partnered organization (1). One of the most recent and notorious third-party attacks was the SolarWinds compromise, which allowed access to commercial and government data through network security software. The malicious activity, which was initially discovered by FireEye, breached SolarWinds’ security several months before discovery (1). After that, the Log4j vulnerability allowed several compromises through the Apache vendor's direct connection to enterprises (1). Many other notable third-party breaches affected various sectors with no clear target industry, reflecting opportunistic strategies instead (2).

Threat actors are using multi-targeted approaches, utilizing banks, point of sale systems, or other institutions, with no clear pattern between targeted industries, to infect Microsoft 365 and other key applications. This approach requires analysts to enhance their third-party risk management by creating a new crisis management plan that incorporates professional information security consulting resources that can perform an unbiased assessment of an organization's supply chain network connections and provide recommendations. Consumers need to know who the immediate vendor-side contact is in case of a security incident involving essential software used by the organization. The vendor should know if an organization is impacted by a breach on the vendor's side, and should receive notifications in the other direction as well, but may not immediately let the company know unless direct contact is made. Identifying the network design and where APIs (application programming interfaces) or segmentation can be placed between vendors and critical company assets would significantly decrease overall risk.

New and Noteworthy: Post-Quantum Encryption Proofs of Concept Leave Room for More Progress in Cryptography

Proofs of concept for cyber-attacks using post-quantum computing algorithms are showing success after the Computer Security and Industrial Cryptography group (CSIS) was able to decipher in one hour the algorithm SIKE (Supersingular Isogeny Key Encapsulation), used by the National Institute of Standards and Technology as their post-quantum encryption algorithm (3). The hack was performed on a “classical computer” using the mathematical algorithms of a 1977 “glue-and-split” theorem (3). Microsoft is actively rewarding “bug bounties” at a rate of about 50,000 USD per hack for those that can break through their quantum world encryptions (5). So far, the CSIS group has been the most publicly successful, sharing the code and details of the hack, which ran on their Intel Xeon CPU E5-2630v2, 2.60 GHz processor (5). For more information on the exact algorithms used and a technical deep dive, please read the SIKE authors' scholarly article “Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies” by Luca De Feo, David Jao, and Jérôme Plût (6).

The existence of quantum computing may be up for debate, but the concepts behind quantum encryption are broadly discussed and tested among cyber groups. The suggested post-quantum algorithms are showing progress through peer testing and research. So far, there is insufficient research to assume an immediate need for corporations to switch to the new NIST standard algorithms, as they have not passed through the security measures needed to verify higher confidence of protection than what is currently the standard. The facts are that the US Federal Bureau of Investigation (FBI) reported 847,376 cyber incidents in 2021 that totaled 7 billion USD in losses (4). The key goals in preparing security teams for the quantum world are to normalize securing infrastructure by removing legacy systems or networks within corporations, and to prepare for incident response by consistently updating all network maps to stop an attack once encryption algorithms fail.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research towards your priority area.

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.

TAXII v1 Discovery services: https://cti.eclecticiq.com/taxii/discovery

Please refer to our support page for guidance on how to access the feeds.

Appendix

  1. https://www.csoonline.com/article/3191947/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html
  2. https://www.securityinfowatch.com/cybersecurity/article/21254749/lessons-learned-from-notable-thirdparty-data-breaches-of-2021
  3. https://thequantuminsider.com/2022/08/05/nist-approved-post-quantum-safe-algorithm-cracked-in-an-hour-on-a-pc/
  4. https://www.telecomtv.com/content/security/what-s-up-with-quantum-security-cybersecurity-dish-network-45116/
  5. https://www.theregister.com/2022/08/03/nist_quantum_resistant_crypto_cracked/
  6. https://eprint.iacr.org/2011/506.pdf 

© 2014 – 2022 EclecticIQ B.V.