The Tradecraft of a Successful Threat Investigation: A COVID-19 Case Study
— This is a Health-ISAC Navigator whitepaper by EclecticIQ —
Executive Summary:
When it became clear in February 2020 that the world was facing a major pandemic, we at EclecticIQ knew adversaries would put their malicious tactics, techniques, and procedures (TTPs) into high gear to take advantage of organizations shifting focus from security to the health crisis.
To leverage our position as a global threat intelligence organization and the EclecticIQ Platform, a leading threat intelligence platform (TIP), we launched a campaign to deliver targeted, prioritized, and actionable threat intelligence reports to the public at a regular and predictable cadence.
In this white paper we are pleased to share the tradecraft used by our threat intelligence team to provide practical guidance, best practice recommendations, and beneficial insights to any cyber threat intelligence (CTI) organization conducting a threat investigation of any size and scope. In the paper, you will learn:
- The value of following a disciplined CTI lifecycle to produce consistent, relevant, and impactful results
- The essential role of triage to overcome staffing limitations and to quickly summit the “Pyramid of Pain”
- The importance of ingesting millions of indicators, hashes, and TTPs and automatically synchronizing with a database of IOCs and STIX entities going back years to provide the necessary context to illuminate old threats masquerading as new ones
An Intelligence Lifecycle Disciplined Approach
“The work here by the EclecticIQ Threat Research Team is a great example of the results from following a disciplined approach to the intelligence life cycle and the value of information sharing. Using the methods described here by EclecticIQ, in combination with threat intelligence from Health-ISAC and information shared among peer organizations, our members can benefit by predicting new TTPs and ultimately provide early warning to network defenders to reduce risk.”
– Errol Weiss, Chief Security Officer for Health-ISAC
H-ISAC is all about increasing cyber resilience in the healthcare sector. We are interested in disseminating actionable content that is in keeping with security thought leadership. In alignment with this statement, we do not require your email to download original content from our website.