Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/20/2020
03:15 PM
Dark Reading Staff
Dark Reading Staff
Products and Releases
50%
50%

MITRE Engenuity to Evaluate Cybersecurity Products Based on Carbanak and FIN7 Groups

Evaluations are intended to help vendors and end users better understand their products' capabilities in relation to MITRE's publicly accessible ATT&CK framework.

McLean, VA, and Bedford, MA, February 20, 2020 — MITRE Engenuity will assess commercial cybersecurity products against the threat posed by the groups commonly known as Carbanak and FIN7.

Carbanak and FIN7 have each demonstrated the ability to compromise financial service and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years. Despite the arrest of key members in 2018, Carbanak and FIN7 remain active cyber threats to organizations globally.

Cybersecurity vendors may apply for an evaluation via [email protected]. The evaluations are paid for by vendors and are intended to help vendors and end-users better understand their product’s capabilities in relation to MITRE’s publicly accessible ATT&CK® framework. Results will be announced in early 2021. ATT&CK evaluations do not provide scores, ranks, or endorsements.

The evaluations use ATT&CK, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting. ATT&CK is freely available, and is used by cyber defenders in areas including finance, healthcare, energy, manufacturing, retail, and government, to understand adversary behavior and tradecraft.

This latest set of evaluations will be conducted by MITRE Engenuity, a non-profit tech foundation launched last November to collaborate with the private sector on public interest challenges like cybersecurity. As with previous evaluations conducted by MITRE, this set will assess products’ ability to detect tactics and techniques used by the adversary groups in question, with the methodology and resulting data made publicly available so other organizations may benefit as well as provide their own analysis and interpretation. This evaluation will also mark the first time that these same vendors can sign up for an optional extension to their detection evaluation that will exercise their protections related to ATT&CK techniques.

“During the previous evaluations, vendors would note when they believed a protection would have prevented the execution of specific evaluated behaviors. By extending the offering to include protections, the evaluations will be able to definitively say whether this was the case,” said Frank Duff, the ATT&CK Evaluations lead. As with the detection evaluations, the results of these evaluations will be publicly released, giving the users and potential users of these tools clear insights into performance.

The first evaluations examined how products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA, SentinelOne, Cybereason, F-Secure, FireEye, McAfee, and Palo Alto detected the threat posed by APT3, a Chinese group that analysts believe is currently focused on monitoring Hong Kong-based political targets

The second evaluations examined how products from Bitdefender, Blackberry Cylance, Carbon Black (VMware), CrowdStrike, Cybereason, CyCraft, Endgame (Elastic), F-Secure, FireEye, GoSecure, HanSight, Kaspersky, Malwarebytes, McAfee, Microsoft, Palo Alto Networks, ReaQta, Secureworks, SentinelOne, Symantec (Broadcom), and Trend Micro detected the tactics and techniques of APT29, a group that analysts say operates on behalf of the Russian government and compromised the Democratic National Committee starting in 2015. Results from the APT29 evaluations are expected to be released in late March 2020.

“We’ve heard from companies that have incorporated data from the first evaluations into their purchasing decisions that doing so has enabled them to make better informed decisions faster and at a far lower cost – up to 10 times less than they would have spent evaluating the products entirely on their own,” Duff said. “We’ve worked to make our results more self-explanatory, so that consumers can make decisions even more easily and effectively.”

About MITRE Engenuity
MITRE Engenuity is a non-profit tech foundation that collaborates with the private sector on challenges that require a public interest solution, like cybersecurity, infrastructure resilience, healthcare effectiveness, and next generation communications. www.mitre-engenuity.org

About MITRE

MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. www.mitre.org

Media contact:

Jeremy Singer

[email protected]

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3326
PUBLISHED: 2021-01-27
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2021-22641
PUBLISHED: 2021-01-27
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22653
PUBLISHED: 2021-01-27
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22655
PUBLISHED: 2021-01-27
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-26276
PUBLISHED: 2021-01-27
** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.