EclecticIQ
Zero-Day Vulnerabilities and Sophisticated Spyware Make a Case for Layered Security.

Threat intelligence demonstrates zero-day vulnerabilities continue to increase and spyware targeting is becoming more widespread. Device security must go beyond encryption to keep up with today’s threats.

EclecticIQ Threat Research Team July 19, 2022


New and Noteworthy: Unknown Zero-day Vulnerabilities Will Almost Certainly Continue to Increase Year-on-Year Because of Stockpiling And Technology Expansion.

EclecticIQ analysts assess that zero-day vulnerabilities (vulnerabilities discovered in a computer system before an associated patch is released) will continue to increase, if for no other reason than that technology will keep growing in both quantity and capability. Stockpiling of undisclosed vulnerabilities by state actors helps ensure that some will never be disclosed unless a third party discovers them independently. According to a database that tracks zero-day vulnerabilities, 1011 zero-day vulnerabilities have been published so far in 2022. This continues a year-on-year trend of increases: 1604 zero-days were published in 2021, 1453 in 2020, and 1045 in 2019 (1).

A study of zero-day vulnerabilities and exploits spanning 2002-2016 found that zero-day exploits have an average useful life expectancy of 6.9 years (2). Another study, of over 46,000 vulnerabilities, found that approximately 80% had a working exploit developed by threat actors on or before the date of disclosure (3). Both studies confirm that open-source products had a slightly longer average exploit shelf-life: 7.32 years for open-source versus 6.9 years for non-open-source software (3). Threat actors took between 6 and 37 days to develop exploits tied to zero-day vulnerabilities for nearly all vulnerabilities studied, with 71% of all exploits (zero-day and otherwise) developed in under a month.

The rate of public, third-party discovery of zero-days held in known stockpiles (known to their holders, but not publicly disclosed) was very low, at approximately 5.7% per year (2). Expanding public bug bounty programs could help reduce unknown vulnerability stockpiles by incentivizing more widespread participation in public third-party discovery of zero-days, with the aim of pushing the average discovery rate beyond 5.7% per year.

Malware: Encryption is Not a Panacea for Cyberattacks; Layered Security Features Help Provide Additional Security

Threat intelligence demonstrates that many industries are at high risk of increasingly sophisticated spyware attacks. Journalists generally practice stronger operational security than the general population to protect themselves from cyberattacks. Nonetheless, recent reporting about the Pegasus malware used by the NSO Group and other malware targeting US journalists (4) shows that multiple well-developed spyware families are now targeting journalists and others globally. The fact that they are being targeted successfully at increased rates demonstrates that encryption alone is not enough to protect against cyberattacks in high-stakes situations.

One reason newer malware succeeds against encrypted applications is that it penetrates deeper into the system, down to the operating system level, where it can subvert application encryption keys. One of the best routes to increasing operational security in these situations is to give end users more control over, and awareness of, their personal device security at the operating system level, not just within a particular application. The first release of Lockdown Mode from Apple attempts to increase information security in sensitive situations (5). Lockdown Mode helps to silo applications that threat actors might try to exploit, making it much more difficult to gain deeper access to the device and its information. This is certainly not a panacea for cyberattacks, but this sort of layered security feature in end-user device operating systems is a step in the right direction toward more comprehensive security that is better oriented to today's threats. It sets a good security design example for other producers by going beyond simply encrypting a data stream. Propagation of these types of security-focused features to other devices could greatly reduce the attack surface exposed to cyberattacks and increase the privacy of information transiting personal devices.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research towards your priority area.

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.

TAXII v1 Discovery services: https://cti.eclecticiq.com/taxii/discovery

Please refer to our support page for guidance on how to access the feeds.
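As an added example (not EclecticIQ's own code or tooling), the following helper shows the TAXII 1.1 discovery exchange needed to find the collection services behind a discovery URL such as the one above: it builds the Discovery_Request message, sends it with the standard TAXII HTTP headers, and parses the Discovery_Response into a list of advertised services. It assumes the endpoint speaks TAXII 1.1 over HTTPS; the sample response is constructed so the parser can be exercised offline.

```python
"""TAXII 1.1 discovery helper (added example; assumes a TAXII 1.1 HTTPS endpoint)."""
import uuid
import urllib.request
import xml.etree.ElementTree as ET

TAXII_NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
DISCOVERY_URL = "https://cti.eclecticiq.com/taxii/discovery"  # URL given in the post

# Headers every TAXII 1.1 HTTPS exchange carries: protocol, message and service bindings.
TAXII_HEADERS = {
    "Content-Type": "application/xml",
    "Accept": "application/xml",
    "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1",
    "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
    "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
}

def build_discovery_request(message_id=None):
    """Return the XML body of a TAXII 1.1 Discovery_Request as bytes."""
    message_id = message_id or uuid.uuid4().hex
    root = ET.Element(f"{{{TAXII_NS}}}Discovery_Request", {"message_id": message_id})
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def parse_discovery_response(xml_bytes):
    """Map each advertised Service_Instance to (service_type, address, available)."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{TAXII_NS}}}Discovery_Response":
        raise ValueError(f"unexpected TAXII message: {root.tag}")  # e.g. a Status_Message
    services = []
    for inst in root.findall(f"{{{TAXII_NS}}}Service_Instance"):
        addr = inst.findtext(f"{{{TAXII_NS}}}Address", default="")
        available = inst.get("available", "true").lower() == "true"
        services.append((inst.get("service_type"), addr, available))
    return services

def discover(url=DISCOVERY_URL, timeout=15):
    """POST a Discovery_Request to a live endpoint (needs network access; not used offline)."""
    req = urllib.request.Request(url, data=build_discovery_request(),
                                 headers=TAXII_HEADERS, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_discovery_response(resp.read())

# Constructed sample response for offline use; a real server advertises its own services.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<taxii_11:Discovery_Response xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
    message_id="2" in_response_to="1">
  <taxii_11:Service_Instance service_type="POLL" service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>https://example.invalid/taxii/poll</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
</taxii_11:Discovery_Response>"""
```

Running `discover()` against the live URL returns the same tuple list for the real feed; the POLL service address it yields is where a collection poll request is then sent.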

Appendix

  1. https://www.zerodayinitiative.com/advisories/published/
  2. https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf
  3. https://www.cse.msu.edu/~alexliu/publications/VulnerabilityDB/VulnerabilityDB_ICSE2012.pdf
  4. https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
  5. https://telecoms.com/516315/apple-beefs-up-device-security-as-spy-agencies-warn-of-increasing-chinese-threats/

© 2014 – 2022 EclecticIQ B.V.