Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/20/2020
03:15 PM
Dark Reading Staff
Dark Reading Staff
Products and Releases
50%
50%

MITRE Engenuity to Evaluate Cybersecurity Products Based on Carbanak and FIN7 Groups

Evaluations are intended to help vendors and end users better understand their products' capabilities in relation to MITRE's publicly accessible ATT&CK framework.

McLean, VA, and Bedford, MA, February 20, 2020 — MITRE Engenuity will assess commercial cybersecurity products against the threat posed by the groups commonly known as Carbanak and FIN7.

Carbanak and FIN7 have each demonstrated the ability to compromise financial service and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years. Despite the arrest of key members in 2018, Carbanak and FIN7 remain active cyber threats to organizations globally.

Cybersecurity vendors may apply for an evaluation via [email protected]tre-engenuity.org. The evaluations are paid for by vendors and are intended to help vendors and end-users better understand their product’s capabilities in relation to MITRE’s publicly accessible ATT&CK® framework. Results will be announced in early 2021. ATT&CK evaluations do not provide scores, ranks, or endorsements.

The evaluations use ATT&CK, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting. ATT&CK is freely available, and is used by cyber defenders in areas including finance, healthcare, energy, manufacturing, retail, and government, to understand adversary behavior and tradecraft.

This latest set of evaluations will be conducted by MITRE Engenuity, a non-profit tech foundation launched last November to collaborate with the private sector on public interest challenges like cybersecurity. As with previous evaluations conducted by MITRE, this set will assess products’ ability to detect tactics and techniques used by the adversary groups in question, with the methodology and resulting data made publicly available so other organizations may benefit as well as provide their own analysis and interpretation. This evaluation will also mark the first time that these same vendors can sign up for an optional extension to their detection evaluation that will exercise their protections related to ATT&CK techniques.

“During the previous evaluations, vendors would note when they believed a protection would have prevented the execution of specific evaluated behaviors. By extending the offering to include protections, the evaluations will be able to definitively say whether this was the case,” said Frank Duff, the ATT&CK Evaluations lead. As with the detection evaluations, the results of these evaluations will be publicly released, giving the users and potential users of these tools clear insights into performance.

The first evaluations examined how products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA, SentinelOne, Cybereason, F-Secure, FireEye, McAfee, and Palo Alto detected the threat posed by APT3, a Chinese group that analysts believe is currently focused on monitoring Hong Kong-based political targets

The second evaluations examined how products from Bitdefender, Blackberry Cylance, Carbon Black (VMware), CrowdStrike, Cybereason, CyCraft, Endgame (Elastic), F-Secure, FireEye, GoSecure, HanSight, Kaspersky, Malwarebytes, McAfee, Microsoft, Palo Alto Networks, ReaQta, Secureworks, SentinelOne, Symantec (Broadcom), and Trend Micro detected the tactics and techniques of APT29, a group that analysts say operates on behalf of the Russian government and compromised the Democratic National Committee starting in 2015. Results from the APT29 evaluations are expected to be released in late March 2020.

“We’ve heard from companies that have incorporated data from the first evaluations into their purchasing decisions that doing so has enabled them to make better informed decisions faster and at a far lower cost – up to 10 times less than they would have spent evaluating the products entirely on their own,” Duff said. “We’ve worked to make our results more self-explanatory, so that consumers can make decisions even more easily and effectively.”

About MITRE Engenuity
MITRE Engenuity is a non-profit tech foundation that collaborates with the private sector on challenges that require a public interest solution, like cybersecurity, infrastructure resilience, healthcare effectiveness, and next generation communications. www.mitre-engenuity.org

About MITRE

MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. www.mitre.org

Media contact:

Jeremy Singer

[email protected]

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10696
PUBLISHED: 2020-03-31
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
CVE-2020-5344
PUBLISHED: 2020-03-31
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially cr...
CVE-2020-5292
PUBLISHED: 2020-03-31
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and admini...
CVE-2020-7009
PUBLISHED: 2020-03-31
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
CVE-2019-13495
PUBLISHED: 2020-03-31
In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.