Ransomware, Threat Management

MSSPs Can Help Make the Next MITRE ATT&CK Evaluations macOS-Strong

Share
Credit: Adobe Stock Images

MSSPs have been essential participants in previous MITRE ATT&CK Engenuity Evaluations, and with a new call out to join in a sixth round of evaluations their involvement could help form the basis of an independent and objective assessment of enterprise cybersecurity solutions.

This latest round of evaluations will examine common behaviors prevalent across prolific ransomware campaigns and feature an introduction into macOS. Specifically, the evaluations will focus on macOS targeting by the Democratic People’s Republic of Korea (DPRK), MITRE said in a prepared statement.

Participants must sign up for the evaluations by April 30, 2024. Results of the evaluations will be posted in the fourth quarter of 2024. For results of previous evaluations, visit https://attackevals.mitre-engenuity.org.

Why Ransomware, macOS?

MITRE will focus the evaluations on key adversary behaviors such as the abuse of legitimate tools and efforts to evade defenses. Accordingly, the macOS emulation will delve into adversary behavior inspired by the DPRK’s shift into developing sophisticated, multi-stage malware.

“We chose to emulate ransomware, as it continues to be one of the most significant cybercriminal threats across industry verticals — one that can lead to devastating outcomes and widespread damage,” said Amy Robertson, principal, cyber threat intelligence analyst, ATT&CK Evals. “The DPRK has emerged as a formidable cyber threat, and they have progressively been expanding their focus to macOS as they work to evade international sanctions. This round will also incorporate multiple smaller emulations, introducing a more nuanced and targeted evaluation of defensive capabilities.”

Welcoming the broadened the scope of evaluations to include macOS, William Booth, general manager, ATT&CK Evals, added, “This round will feature new insights, with a particular focus on efficiency, including true positive and false positive rates, which more accurately reflect the real-world performance of a tool.”

More About MITRE, MSSP Contributions

MITRE Engenuity is a subsidiary of MITRE, a tech foundation whose teams are dedicated to solving problems for a cyber-safe world through its public-private partnerships and federally funded research and development centers.

MITRE’s Evals program is part of MITRE Engenuity’s portfolio of programs to create a free, globally accessible knowledge base that helps government and industry combat cyberattacks using purple-teaming (competing offensive and defensive exercises). While the evaluations do not rank vendors and their solutions, MSSPs and other security vendors can turn to the Evals program to improve their offerings and provide defenders with insights into their product’s capabilities and performance.

MITRE conducted its initial ATT&CK Evaluations for security service providers in 2021, highlighting results across 16 providers while assessing their ability to analyze and describe adversary behavior.

Those initial participants included: Atos, Bitdefender, BlackBerry, BlueVoyant, Critical Start, CrowdStrike, Microsoft, NVISO, OpenText, Palo Alto Networks, Rapid7, Red Canary, SentinelOne, Sophos, Trend Micro, and WithSecure.

The resulting report, 2021 Managed Services Report, No Rest for the Wary, found that 68% of respondents used security services, yet 47% were not confident in the service technology or people. When asked whether teams conduct offensive testing before the selection process, 59% of respondents claimed to conduct offensive testing on products while only 53% conducted testing on services.

See more ATT&CK Evals results here.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.