Live Breaking News & Updates on EclecticIQ Threat Research Team
Threat Actor Update: IRIDIUM Attributed to Prestige Ransomware Campaign
A ransomware campaign targeting transportation and logistics organizations in Ukraine and Poland has been attributed to a group called IRIDIUM. The campaign used a previously unidentified ransomware payload called ‘Prestige’, which was observed deployed on October 11th, 2022. The objective of the campaign was to cause disruption, not financial gain. IRIDIUM is a Russia-based actor that overlaps with Sandworm and has been consistently active in Ukraine, with IRIDIUM being linked to activity in March 2022 (1). The Ukraine war continues to highlight the increased use of ransomware for non-financial means. Ransomware has been used for non-financial means before (2); however, many ransomware incidents have historically been financially driven. For example, the HermeticRansom malware used in Ukraine is suspected to be a smokescreen for destructive attacks (3). Hacktivist group FRwL has used ransomware during ....
Key Infrastructure and Critical Vulnerabilities: Attack Against Tata Power Highlights Cyber Risk to India’s Growing and Increasingly Connected Population
On Friday, October 14, Indian electricity provider Tata reported it was suffering the effects of a cyberattack against its network. (1) In late October, Hive ransomware claimed the attack and began leaking data stolen from Tata Power on its website. (16) This was not the first time Indian power infrastructure was targeted in a cyberattack. So far there has been no long-term infrastructure damage, but attacks against vulnerable power infrastructure that are widespread or occur at critical times have the potential to be disruptive to government, commerce, and daily living. Indian authorities blamed malware for a two-hour-long power outage, also in Mumbai, in October 2020, and later indicated they believed the incident to be the result of deliberate action, according to press reports. The investigation uncovered suspicious logins to servers c ....
Synopsis
The Analyst Prompt Issue #18 briefly explores the hype around zero-day vulnerabilities and the benefit of focusing on tactics and techniques featured in common threats and attack patterns rather than highlighting cutting-edge cyberattacks to improve metrics and cyber defense. As an example of the value of strong fundamentals, we look at the initial reports about the Uber breach versus an analysis of current trends in zero-day use in cyberattacks.
Key Infrastructure and Critical Vulnerabilities: Zero-Day Software Vulnerabilities Remain High Profile, but are Not a Factor in the Majority of Successful Cyberattacks
Zero-day exploits have come under increased scrutiny after malware vendors including FinFisher, the NSO Group, Hacking Team, and others demonstrated a growing market for custom, paid-for exploits. Our increasingly connected world ensures constantly growing impacts from zero days. At the end of August, VX Underground reported a new iOS remote code execution vulnerability ....
Introduction
Widespread implementation of decentralized finance (DeFi) systems since 2020 has created new fertile ground for a variety of threat actors to shift the development of cyberattack tactics, techniques, and procedures (TTPs). The number of threat actors participating in DeFi activity has grown substantially over the past two years. Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. Types of threat actors range from advanced persistent threat (APT) groups and small, loosely organized groups of cybercriminals to individual threat actors of varying skills.
EclecticIQ Analysts Expect the Number of Threat Actors Attacking DeFi Systems Will Increase Significantly Through at Least the Next Two Years Despite Any Dips in Cryptocurrency Value
Attack volume carried out by individual attackers is expected to grow at the greates ....
Synopsis
The estimated value of greater Decentralized Finance and cryptocurrencies surpassed half a trillion dollars in market capitalization in 2018, and then one trillion for the first time in 2021 (1). Since then, cryptocurrency values reached new records during the pandemic. New systems of finance are consolidating under significant momentum and threat actors are adapting to this landscape. Decentralized Finance and the information security protocols protecting it remain in their early stages of development, as does the adaptation of new cyberattack techniques. The way these two forces compete with one another is very likely to shape the DeFi landscape in the coming years. An analysis of the key features, systems, and services of Decentralized Finance supports a more complete picture of this unique evolving attack surface and provides orientation for threat intelligence applications.
Cryptocurrencies Are Established Via Blockchain Security.
Just as Euros, Pounds, and Dollars are ....