Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/20/2020
03:15 PM
Dark Reading Staff
Dark Reading Staff
Products and Releases
50%
50%

MITRE Engenuity to Evaluate Cybersecurity Products Based on Carbanak and FIN7 Groups

Evaluations are intended to help vendors and end users better understand their products' capabilities in relation to MITRE's publicly accessible ATT&CK framework.

McLean, VA, and Bedford, MA, February 20, 2020 — MITRE Engenuity will assess commercial cybersecurity products against the threat posed by the groups commonly known as Carbanak and FIN7.

Carbanak and FIN7 have each demonstrated the ability to compromise financial service and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years. Despite the arrest of key members in 2018, Carbanak and FIN7 remain active cyber threats to organizations globally.

Cybersecurity vendors may apply for an evaluation via [email protected]. The evaluations are paid for by vendors and are intended to help vendors and end-users better understand their product’s capabilities in relation to MITRE’s publicly accessible ATT&CK® framework. Results will be announced in early 2021. ATT&CK evaluations do not provide scores, ranks, or endorsements.

The evaluations use ATT&CK, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting. ATT&CK is freely available, and is used by cyber defenders in areas including finance, healthcare, energy, manufacturing, retail, and government, to understand adversary behavior and tradecraft.

This latest set of evaluations will be conducted by MITRE Engenuity, a non-profit tech foundation launched last November to collaborate with the private sector on public interest challenges like cybersecurity. As with previous evaluations conducted by MITRE, this set will assess products’ ability to detect tactics and techniques used by the adversary groups in question, with the methodology and resulting data made publicly available so other organizations may benefit as well as provide their own analysis and interpretation. This evaluation will also mark the first time that these same vendors can sign up for an optional extension to their detection evaluation that will exercise their protections related to ATT&CK techniques.

“During the previous evaluations, vendors would note when they believed a protection would have prevented the execution of specific evaluated behaviors. By extending the offering to include protections, the evaluations will be able to definitively say whether this was the case,” said Frank Duff, the ATT&CK Evaluations lead. As with the detection evaluations, the results of these evaluations will be publicly released, giving the users and potential users of these tools clear insights into performance.

The first evaluations examined how products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA, SentinelOne, Cybereason, F-Secure, FireEye, McAfee, and Palo Alto detected the threat posed by APT3, a Chinese group that analysts believe is currently focused on monitoring Hong Kong-based political targets

The second evaluations examined how products from Bitdefender, Blackberry Cylance, Carbon Black (VMware), CrowdStrike, Cybereason, CyCraft, Endgame (Elastic), F-Secure, FireEye, GoSecure, HanSight, Kaspersky, Malwarebytes, McAfee, Microsoft, Palo Alto Networks, ReaQta, Secureworks, SentinelOne, Symantec (Broadcom), and Trend Micro detected the tactics and techniques of APT29, a group that analysts say operates on behalf of the Russian government and compromised the Democratic National Committee starting in 2015. Results from the APT29 evaluations are expected to be released in late March 2020.

“We’ve heard from companies that have incorporated data from the first evaluations into their purchasing decisions that doing so has enabled them to make better informed decisions faster and at a far lower cost – up to 10 times less than they would have spent evaluating the products entirely on their own,” Duff said. “We’ve worked to make our results more self-explanatory, so that consumers can make decisions even more easily and effectively.”

About MITRE Engenuity
MITRE Engenuity is a non-profit tech foundation that collaborates with the private sector on challenges that require a public interest solution, like cybersecurity, infrastructure resilience, healthcare effectiveness, and next generation communications. www.mitre-engenuity.org

About MITRE

MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. www.mitre.org

Media contact:

Jeremy Singer

[email protected]

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.