MalwarebytesTM, a global leader in real-time cyberprotection, today announced the results of its completed MITRE Engenuity ATT&CK® Evaluation for Endpoint Detection and Response. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups, highlighting results across 30 vendors.
MITRE ATT&CK Evaluations prioritize threats that present unique impacts to businesses and governments worldwide. Through the lens of the ATT&CK knowledge base, Evals focused on two threat actors, Wizard Spider and Sandworm. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a destructive Russian threat group that is known for carrying out notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017’s NotPetya attacks. These two threat actors were chosen based on their complexity, relevancy to the market, and how well MITRE Engenuity’s staff can fittingly emulate the adversary.
“As cybersecurity threats increase in both number and sophistication, it is essential for organizations to strengthen their prevention and response capabilities,” said Barry Mainz, Malwarebytes’ Chief Operating Officer. “Malwarebytes’ Endpoint Detection and Response platform includes the powerful tools that individuals and enterprises alike need in order to ensure an effective proactive security posture. The results of our ATT&CK evaluations are a testament to our leadership and continued growth in this space.”
“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.
The Evals team chose to emulate two threat groups that abuse the Data Encrypted For Impact (T1486) technique. In Wizard Spider’s case, they have leveraged data encryption for ransomware, including the widely known Ryuk malware (S0446). Sandworm, on the other hand, leveraged encryption for the destruction of data, perhaps most notably with their NotPetya malware (S0368) that disguised itself as ransomware. While the common thread to this year’s evaluations is “Data Encrypted for Impact,” both groups have substantial reporting on a broad range of post-exploitation tradecraft.
Also Read: Crypto-To-Fiat Solution Swapin Successfully Completes Funding Round
With a lightweight agent that can be set up in less than an hour, Malwarebytes’ Endpoint Detection and Response (EDR) solution simplifies prevention, detection, isolation, investigation, and remediation of threats in a matter of minutes. The cloud-based platform includes a comprehensive suite of tools that modern enterprises need to protect their organizations, including brute force protection, policies to block USB devices and enforce data encryption remotely, continuous monitoring, and visibility into Windows and macOS devices. Malwarebytes’ EDR platform also offers automated functions that accelerate threat detection and response, enabling customers to quickly isolate and investigate suspicious activity, remediate, and implement 72-hour ransomware rollback without disrupting end-user productivity.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.