The Tradecraft of a Successful Threat Investigation: A COVID-19 Case Study

— This is a Health-ISAC Navigator whitepaper by EclecticIQ —

Executive Summary:

When it became clear in February 2020 that the world was facing a major pandemic, we at EclecticIQ knew adversaries would put their malicious tactics, techniques, and procedures (TTPs) into high gear to take advantage of organizations shifting focus from security to the health crisis.

To leverage our position as a global threat intelligence organization and EclecticIQ Platform, a leading threat intelligence platform (TIP), we launched a campaign to deliver targeted, prioritized, and actionable threat intelligence reports to the public with a regular and predictable cadence.

In this white paper we are pleased to share the tradecraft used by our threat intelligence team to provide practical guidance, best practice recommendations, and beneficial insights to any cyber threat intelligence (CTI) organization conducting a threat investigation of any size and scope. In the paper, you will learn:

• – The value of following a disciplined CTI lifecycle to produce consistent, relevant, and impactful results
•  
• – The essential role of triage to overcome staffing limitations and to quickly summit the “Pyramid of Pain”
•  
• – The importance of ingesting millions of indicators, hashes, and TTPs and automatically synchronizing with a database of IOCs and STIX entities going back years to provide the necessary context to illuminate old threats masquerading as new ones
•