MSSPs have been essential participants in previous MITRE ATT&CK Engenuity Evaluations, and with a new call out to join in a sixth round of evaluations their involvement could help form the basis of an independent and objective assessment of enterprise cybersecurity solutions.
This latest round of evaluations will examine common behaviors prevalent across prolific ransomware campaigns and feature an introduction into macOS. Specifically, the evaluations will focus on macOS targeting by the Democratic People’s Republic of Korea (DPRK), MITRE said in a prepared statement.
Participants must sign up for the evaluations by April 30, 2024. Results of the evaluations will be posted in the fourth quarter of 2024. For results of previous evaluations, visit https://attackevals.mitre-engenuity.org.
Why Ransomware, macOS?
MITRE will focus the evaluations on key adversary behaviors such as the abuse of legitimate tools and efforts to evade defenses. Accordingly, the macOS emulation will delve into adversary behavior inspired by the DPRK’s shift into developing sophisticated, multi-stage malware.
“We chose to emulate ransomware, as it continues to be one of the most significant cybercriminal threats across industry verticals — one that can lead to devastating outcomes and widespread damage,” said Amy Robertson, principal, cyber threat intelligence analyst, ATT&CK Evals. “The DPRK has emerged as a formidable cyber threat, and they have progressively been expanding their focus to macOS as they work to evade international sanctions. This round will also incorporate multiple smaller emulations, introducing a more nuanced and targeted evaluation of defensive capabilities.”
Welcoming the broadened the scope of evaluations to include macOS, William Booth, general manager, ATT&CK Evals, added, “This round will feature new insights, with a particular focus on efficiency, including true positive and false positive rates, which more accurately reflect the real-world performance of a tool.”
More About MITRE, MSSP Contributions
MITRE Engenuity is a subsidiary of MITRE, a tech foundation whose teams are dedicated to solving problems for a cyber-safe world through its public-private partnerships and federally funded research and development centers.
MITRE’s Evals program is part of MITRE Engenuity’s portfolio of programs to create a free, globally accessible knowledge base that helps government and industry combat cyberattacks using purple-teaming (competing offensive and defensive exercises). While the evaluations do not rank vendors and their solutions, MSSPs and other security vendors can turn to the Evals program to improve their offerings and provide defenders with insights into their product’s capabilities and performance.
MITRE conducted its initial ATT&CK Evaluations for security service providers in 2021, highlighting results across 16 providers while assessing their ability to analyze and describe adversary behavior.
Those initial participants included: Atos, Bitdefender, BlackBerry, BlueVoyant, Critical Start, CrowdStrike, Microsoft, NVISO, OpenText, Palo Alto Networks, Rapid7, Red Canary, SentinelOne, Sophos, Trend Micro, and WithSecure.
The resulting report, 2021 Managed Services Report, No Rest for the Wary, found that 68% of respondents used security services, yet 47% were not confident in the service technology or people. When asked whether teams conduct offensive testing before the selection process, 59% of respondents claimed to conduct offensive testing on products while only 53% conducted testing on services.