EclecticIQ
Fake Media; Regional Ransomware Cooperation Framework

EclecticIQ Threat Research Team October 26, 2021

New and Noteworthy: Fake Media Will Likely Become a Mainstream Tactic in 2022

Cybercriminals used voice-cloning technology to recreate the voice of a bank director in the U.A.E. so that a bank manager would authorize a transfer of $35 million to the criminals, under the pretext of a new acquisition (1). Reporting indicates they spoofed both voice and email, which could count as successfully subverting multi-factor authentication. Investigators believe the threat actor group comprised at least 17 people.

The attack represents an evolved form of the classic BEC (Business Email Compromise) scam, but this time voice is the primary medium. Voice cloning is well suited to this type of attack because it is more convincing and more immediate than email. The risk of being caught once the criminals receive the transferred money is low, so BEC and social engineering scammers are very likely to be early adopters of unproven new attack vectors such as this. EclecticIQ analysts expect cybercriminals will rapidly adopt voice and visual cloning technologies in new attacks, first for financially motivated cybercrime and next in highly strategic APT attacks. There are many social engineering scenarios to which this can be applied, and most people lack the training or protocols needed to recognize spoofed audio and video.

Policy and Governance: Escalating Threat of Ransomware Will Drive Regional Cooperation to Address Attacks in Lieu of a Global Framework

Data from Check Point indicates a current surge in both ransomware infections and botnets able to deliver ransomware since the Covid-19 pandemic began in early 2020, with companies in North America experiencing the highest growth in attack volume (2). EclecticIQ analysts note that a relative increase in ransomware also occurred at this time last year, but it was largely aimed at the US education sector (3). This year's increase is occurring across a broader set of industries. Another significant sign of ransomware escalation comes from the US disclosure of four ransomware attacks against water facilities in the past two years (4). That public disclosure contains the largest number of ransomware attacks against US critical infrastructure announced at one time.

Pressure from ransomware led the US and 30 other countries to meet virtually for an introductory forum on how to better address ransomware (5). The absence of an invitation to China and Russia is a strong signal that regional coalitions to combat ransomware syndicates are likely to form instead of global efforts. New policies resulting from regional coalitions will very likely involve cross-border law enforcement cooperation, reporting of ransomware attacks, and accountability policies aimed at tracking and disincentivizing ransom payment. Cooperation among smaller groups of states is likely to be effective at restricting ransomware attacks because cooperative policy aids law enforcement operations against ransomware threat actors across borders.

Separately, the Netherlands announced it is escalating its response to ransomware against critical infrastructure and national security (6). The government plans to prioritize prevention, attribution, and response to critical ransomware incidents. The announcement is likely aimed at deterrence, in an effort to protect the Netherlands' tech startups and vulnerable businesses. Ransomware attacks on critical industry could have a greater impact in the Netherlands than on a larger nation with more distributed infrastructure and resources. EclecticIQ analysts note it remains extremely difficult to establish firm attribution for state-linked ransomware attacks, making formal military and diplomatic channels nearly impossible to work through. Given this, it is unclear how the escalated efforts will be directed. The Dutch government stated it is prepared to share further specific intelligence on ransomware with private businesses.

It has been widely observed that many ransomware families specifically avoid targeting Commonwealth of Independent States (CIS) countries via language-based whitelists that prevent the malware from installing on systems with those locales (7). It has been strongly speculated that the Russian government turns a blind eye to attacks that operate outside the CIS region (8). This intolerance of local ransomware attacks has led ransomware syndicates to avoid targeting CIS countries. If other countries express similar intolerance via frameworks that make regional prosecution of operators easier, then overall ransomware operations may become scarcer because law enforcement will be able to disrupt operations more readily.

Regional cooperation against ransomware may force ransomware syndicates to expand similar blanket-style whitelists to their operations to avoid being targeted and shut down by law enforcement (as the REvil group has now experienced twice (9)). Ransomware gangs shut down operations once law enforcement pressure resulting from specific attacks reaches certain thresholds, and the shutdowns greatly affect operations and profit. If ransomware whitelisting of certain regions expands, it could restrict the growth potential of currently operating ransomware families and create disincentives for the development of new ones.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com.

Appendix

  1. https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/
  2. https://www.darkreading.com/attacks-breaches/north-american-orgs-experience-497-attacks-per-week-on-average-currently
  3. https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/
  4. https://us-cert.cisa.gov/ncas/alerts/aa21-287a
  5. https://therecord.media/u-s-convenes-30-countries-on-ransomware-threat-without-russia-or-china/
  6. https://securityaffairs.co/wordpress/123113/security/the-netherlands-war-ransomware-operations.html
  7. https://www.trendmicro.com/en_nl/research/21/e/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html
     https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
  8. https://carnegieendowment.org/2018/02/02/why-russian-government-turns-blind-eye-to-cybercriminals-pub-75499
  9. https://www.secureworks.com/blog/revil-ransomware-reemerges-after-shutdown-universal-decryptor-released

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.