EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Insurance Costs Rise as Attackers Seek to Cash in on Cyber Insurance Payouts

Ransomware attacks are creating huge pressure on cyber insurance, which is now changing rapidly in response to new shared threat actor TTPs; An analysis of airgap attacks provides strong evidence of an attack bottleneck centered on MITRE-T1091, and a clear point to focus resources protecting critical data; A threat framework is needed to help mitigate daily escalating threats to satellites and initiate this class of assets into cybersecurity.

EclecticIQ Threat Research Team December 9, 2021

Policy and Governance: The Cyber Insurance Market is Changing Course Due to Continued High Rates of Ransomware.

High volumes of ransomware attacks against U.S.-based organizations are rapidly driving insurers to reorient their cyber insurance policies. Since 2020, payouts in cyber insurance related to ransomware have approximately halved, while charges for cyber insurance premiums have approximately doubled. The demand for cyber insurance remains strong despite these trends as evidenced by many clients who are still willing to pay. Rates in the UK have polarized even more. The industry-wide trend continues upward from the start of 2020, when the same source reported cyber insurance rates climbing 5%-25% higher than they were in 2019. (1)

Ransomware threat actors are now highly attuned to the cyber insurance market and attempt to match extortion demands to insurance payouts as part of a new pattern of attack TTPs (2). Ransomware threat actors now perform more reconnaissance and discovery work to find the victim’s specific insurance policies as a way of ensuring ransoms can be met.

Last year, increasingly expensive payouts for ransomware contributed to a large rise in insurers’ measure of profitability calculations (2). Broker Aon calculated ransomware contributed over 1/5th of their total risk last year. The insurance market is repositioning itself against the risk from ransomware attacks by shifting more risk back to clients. The shift in risk back to clients will, in turn, put pressure back on governments to launch more law enforcement operations against ransomware cybercriminals and develop firmer policies of intervention, such as coordinated law enforcement operations to seize infrastructure or individuals. EclecticIQ analysts note 2021 has been a significant year for coordinated law enforcement operations against prominent cyber organizations (3). The number of similar cooperative law enforcement investigations and operations is likely to grow through 2022.

New and Noteworthy: Strict Removable Media Policy Will Best Protect Air Gapped Systems

As ransomware and APT attacks escalated against critical systems throughout 2021, perhaps the last solution to protect critical information is to leverage an air gapped network or system. Air gap systems are considered highly secure because a physical connection to the internet is not maintained (4). Nonetheless, air gapped systems remain vulnerable to intrusion, especially from APT groups. A recent, comprehensive analysis of APT attacks on air gapped networks by ESET found that all initial access used in all attacks over the past 15-years relied on introducing a compromised USB stick into the target environment. Replication Through Removable Media (MITRE ATT&CK technique T1091) initiated every air gap attack kill chain (5). EclecticIQ analysts highly recommend that administrators of air gapped systems prioritize resources for enforcement of a strict removable media policy to mitigate against very high-risk attacks to physically isolated data.

Policy and Governance: Cyberthreats to Satellites Escalate Outside Established Norms.

Satellites remain an often overlooked but critical piece of infrastructure supporting many different cyber capabilities on earth. China, Russia, and the U.S. are currently supporting cyberattacks in space “every single day” that qualify as “reversable attacks” - attacks that interfere with a satellite’s ability to communicate, according to the U.S. Space Force general (6). Operations are almost always recovered or return to normal in reversible attacks. Different countries including China and Russia are developing their own network of satellites, such as independent GPS networks, to support ground operations. The goal is technological independence in space-based communications.

Cyberthreats to space have, thus far, avoided “kinetic attacks”, or attacks that destroy satellites. There remains no common framework or bilateral agreements as to how threats to space-based asses should be mitigated or handled by conflicting nations. Kinetic attacks are prevented in part, through a deterrent effect. If a satellite is physically destroyed, the shrapnel created poses an immediate threat to all other satellites in that orbit. An escalation to kinetic attacks would guarantee further fallout in the form of additional damage and disruption to the IT infrastructure of other nation-owned satellites, which are not easily replaceable. Many nations are testing new TTPs against satellites (7). The current U.S. administration reportedly reached out to China to generate a dialogue specific to the issue of cyberattacks in space, in a global first, but so far efforts have not been successful.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com.

Appendix:

  1. https://www.reuters.com/article/us-ransomware-insurance-idUSKBN1ZL1J2,
    https://www.reuters.com/markets/europe/insurers-run-ransomware-cover-losses-mount-2021-11-19/
  2. https://research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-the-ransomware-negotiation-economics/ 
  3. https://www.reuters.com/markets/europe/insurers-run-ransomware-cover-losses-mount-2021-11-19/
  4. https://www.digitalshadows.com/blog-and-research/the-emotet-shutdown-explained/
    https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/
    https://www.europol.europa.eu/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication
  5. https://www.cioinsight.com/security/air-gapped-network/#how-secure
  6. https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
  7. https://news.yahoo.com/russia-china-attacking-us-satellites-095741262.html
  8. https://www.space.com/russia-anti-satellite-missile-test-first-of-its-kind 

Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

3 more posts you might like

All Blog Posts (132)

Explore all topics

© 2014 – 2022 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo