BREAKING: MITRE Engenuity Publishes their Blueprint for a Domestic Semiconductor Industry. Read the Paper.

        • Who We Are
        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage
        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us
        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Semiconductors
        • Dive into the revolutionary work that MITRE Engenuity is doing within this critical ecosystem.

        • Circuit Talk
        • Hear directly from the semiconductor experts through our speaker series featuring titans of industry, groundbreaking researchers, and many more.

        • Cybersecurity
        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations
        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense
        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • MITRE ATT&CK Defender
        • Strengthen your threat-informed defense capabilities with our cybersecurity trainings taught by MITRE ATT&CK subject matter experts.

        • Telecom
        • The transformative power of 5G shifts paradigms across industries and empowers businesses to change the way they interact with people. See how MITRE Engenuity is impacting the next generation of telecommunications. 

        • Open Generation 5G Consortium
        • We are getting to our 5G future faster. Discover how we are accelerating network technology and device-to-device application innovation through use case-focused R&D in the Open Generation 5G Consortium.

        • Health
        • We identify potential health security threats to ensure faster public health pandemic responses and incubate new ideas to ensure national health security.

        • Growing Impact
        • We deliver positive public impact through advanced technological innovation projects.

        • Cyber Risk Model for Mobile Digital Financial Services: Securing Mobile Money Services. Explore Our Cyber Risk Model for Mobile Financial Services product
        • Embedded Capture the Flag: Developing Tomorrow's Cyber Workforce Today. Get Involved with MITRE's Embedded Capture the Flag Competition
        • News & Insights
        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

MITRE Engenuity to Evaluate Cybersecurity Products Against Data Encryption Threats Including Ransomware

  • March 16, 2021
lock with circuit board
ATT&CK® Evaluations to Emulate Tactics, Techniques of Sandworm and Wizard Spider Groups McLean, VA, and Bedford, MA, March 16, 2021 — MITRE Engenuity will assess commercial cybersecurity products ability to detect the threat posed by the groups commonly known as Sandworm and Wizard Spider, both of whom have used data encryption as a key element of their attacks. Applications for evaluation are available through May 28. Analysts believe that Sandworm used data encryption to incur more than $10 billion in damage to industry in other attacks with its NotPetya malware. The group is also widely suspected of attacks that have shut down the Ukrainian electrical grid on multiple occasions. Wizard Spider has reportedly used data encryption to steal more than $150 million through ransomware attacks. The evaluations will use ATT&CK®, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting. ATT&CK is freely available, and is used by cyber defenders in areas including finance, healthcare, energy, manufacturing, retail, and government, to understand adversary behavior and tradecraft. MITRE Engenuity will evaluate each participating vendor’s ability to detect the threats posed by Sandworm and Wizard Spider in two distinct scenarios during the evaluation. All results will be released, and allow the public to see them in entirety or filtered by adversary. “Sandworm and Wizard Spider use a range of strategies and tactics that are typical of a broad range of adversaries that employ data encryption to achieve their goals,” said Frank Duff, ATT&CK Evaluations lead. “We’re increasingly receiving requests to address high-impact techniques like data encryption, which can devastate healthcare organizations, municipal governments, and a wide range of other critical infrastructure,” Duff said. “However, these emulated scenarios will still include the full range of tactics and techniques that these groups use as they penetrate and operate on networks prior to encrypting data.” MITRE Engenuity plans to announce results shortly from its evaluations based on Carbanak and FIN7, groups that analysts believe have stolen more than $1 billion across hundreds of businesses in the financial services and hospitality industries over the past five years. Earlier ATT&CK evaluations examined the threat posed by APT3, a Chinese-based threat group that analysts believe has targeted U.S. organizations and Hong Kong-based political targets, and APT29, a group attributed to the Russian government and the compromise of the Democratic National Committee that started in 2015. Cybersecurity vendors may apply for an evaluation via The evaluations are paid for by vendors and are intended to help vendors and end-users better understand their product’s capabilities in relation to the ATT&CK framework. MITRE Engenuity makes the methodology and resulting data publicly available so other organizations may benefit and conduct their own analysis and interpretation. The evaluations do not provide scores, ranks, or endorsements. Results will be announced in early 2022. Vendors can sign up for an optional extension to their detection evaluation that will exercise their ability to protect against specific adversary techniques utilized by these groups. Media contact: Jeremy Singer

Related Posts


Load More