MITRE Shares ATT&CK Results on Ransomware Defense

MITRE posted the latest findings of its ATT&CK Evaluations, an independent and objective assessment of enterprise cybersecurity solutions. Through the lens of the MITRE ATT&CK knowledge base, the ATT&CK Evaluations Enterprise Round 6 focused on two distinct threat areas for a more targeted evaluation of defensive capabilities:

CyberTech Insights and News: Lookout Q3: iOS Faces More Phishing Threats Than Android

“The evidence-based results of the evaluations are a valuable resource for organizations in determining which cybersecurity solutions best address their needs,” said William Booth, general manager, ATT&CK Evals, MITRE.

• Windows (featuring Linux) emulations featuring common ransomware behaviors leveraged by cybercriminal groups.
• macOS emulation featuring adversary behavior reflecting North Korea’s (DPRK) evolving tactics, including the development of advanced, multistage malware.

“The evidence-based results of the evaluations are a valuable resource for organizations in determining which cybersecurity solutions best address their needs,” said William Booth, general manager, ATT&CK Evals, MITRE. “In this round of our evaluations, we broadened the scope to include macOS and focused on new insights regarding efficiency and false positive rates to more accurately reflect the real-world performance of the solutions.”

Ransomware continues to be one of the most significant global cybercriminal threats across government and industry. Enterprise Round 6 focused on two ransomware variants, LockBit and CL0P, to emulate common behaviors prevalent across the ransomware ecosystem. LockBit, which law enforcement agencies have described as the “most deployed ransomware variant across the world,” is known for its use of sophisticated tools and dual targeting of Windows and Linux systems. CL0P is a ransomware family associated with the TA505 criminal group and leverages the “steal, encrypt, and leak” strategy across a variety of regions and sectors.

North Korea poses a significant cyber threat, targeting the global financial, defense, and technology sectors to fund the advancement of its nuclear capabilities. North Korea has increasingly expanded its targeting of macOS systems, gaining the ability to infiltrate additional high-value systems. The Enterprise Round 6 macOS-focused emulation featured multistage and modular malware that executed operations involving abusing legitimate macOS utilities and collecting and exfiltrating sensitive data.

Round 6 also includes Protection micro emulations. These emulations assess how enterprise cybersecurity solutions can protect against malicious behaviors in a post-compromise environment. Micro emulations involve short sequences of ATT&CK techniques that are frequently used together in real-world attacks.

CyberTech Insights and News: Cynet Achieves 100 Percent Protection & Detection in MITRE 2024

To share your insights, please write to us at news@intentamplify.com

Source – Businesswire