• Cybersecurity

    ATT&CK Evaluations for Enterprise: Carbanak+FIN7 Welcomes 30 Participants with a Site Update

    Earlier this year we provided additional details on our ATT&CK Evaluations for Enterprise Carbanak and FIN7 evaluation, and also announced that the ATT&CK Evaluations program was moving to MITRE Engenuity, MITRE’s tech foundation for public good. Today we complete our transition with an update to our site and a formal welcome to the participants of this upcoming round of evaluations. As part of MITRE Engenuity, our objectives, ideals, and commitment to help vendors and end-users alike to understand the current state of capabilities to defend against adversary behavior as described by ATT&CK remains unchanged. We will continue to extend our evaluations and release new content to allow everyone to benefit from the work. Read more on our blog. Read More video arrow icon
  • Cybersecurity

    MITRE Engenuity Center for Threat-Informed Defense Releases FIN6 Adversary Emulation Plan

    Plan Empowers Defenders to Emulate Cybercrime Group Targeting Retail, Hospitality McLean, VA, and Bedford, MA, September 15, 2020 — MITRE Engenuity’s Center for Threat-Informed Defense has launched a public library of adversary emulation plans that enable defenders to replicate many of the tactics and techniques used by known cyber adversaries. The first entry features a curated selection of malicious behaviors used by the cybercrime group known as FIN6. Security analysts believe that FIN6 is a financially motivated cybercrime group that has compromised high-volume point-of-sale systems in the hospitality and retail sectors since at least 2015. The group has focused on U.S. and European e-commerce sites and multinational organizations, though it has targeted companies based in other countries as well. FireEye... Read More video arrow icon
  • Cybersecurity

    Announcing the ATT&CK Evaluations for ICS Fall 2020 Cohort

    In May, MITRE Engenuity announced an expansion of its ATT&CK Evaluations program to include an evaluation centered around industrial control system (ICS) detection capabilities. Today, we’re very excited to announce that our initial participants will include: Armis CyberX, a Microsoft company Dragos The Institute for Information Industry Kaspersky Read more on our blog. Read More video arrow icon
  • Cybersecurity

    EU ATT&CK Community Workshop

    On May 18-19, the MITRE Engenuity Center for Threat-Informed Defense co-hosted an ATT&CK Workshop with Freddy Dezeure that had more than 1,800 participants representing over 75 countries from across the globe. During the workshop, we polled attendees to gain critical insights into how the ATT&CK framework is being used. Amongst what we found was that the majority of users rely on ATT&CK for detection and threat intelligence – and that much of the community is preparing for sub-technique implementation. Learn more about the poll results here. The Workshop featured 39 presentations from a wide range of ATT&CK framework users and resource developers, as well as members of the ATT&CK team at MITRE. MITRE Engenuity was honored to support this global... Read More video arrow icon
  • Press Release

    MITRE Engenuity Announces ATT&CK Evaluations for ICS Vendors

    Evaluations to Focus on Malware Capable of Physical Damage McLean, VA, and Bedford, MA, May 5, 2020 — MITRE’s foundation for public good, MITRE Engenuity, will conduct an ATT&CK® evaluation to assess industrial control system (ICS) cybersecurity vendors against the threat posed by Triton. This Russian-linked malware is one of the most disruptive and destructive types targeting critical infrastructure. Triton has been used to compromise industrial systems across the globe, including oil and gas and electrical plants in the Middle East, Europe, and North America. Triton targets safety systems, preventing a response to a failure, hazard, or other unsafe conditions. Triton is one of the few known malware attacks in the ICS space capable of physical destruction. The evaluations use... Read More video arrow icon
  • Cybersecurity

    APT29 ATT&CK® Evaluations Results Released

    Since MITRE introduced ATT&CK in May 2015, the practitioner community has come to rely on it to enable better communications and management around cybersecurity. ATT&CK Evaluations leverages this knowledge base to provide vendors with an assessment of their capability’s ability to defend against specific adversary’s tactics and techniques, and their users with transparency around their capabilities. MITRE has just released the latest round of results for APT29. MITRE Engenuity is excited to lead the next round of evaluations Carbanak/FIN7. We will continue to build on MITRE’s established foundation as we manage the oversight of the ATT&CK Evaluation program. For additional details, contact us. Read More video arrow icon
  • Cybersecurity

    Adversary TTPs in the News

    See the full PDF here: covidttps041720 Read More video arrow icon
  • Cybersecurity

    MITRE Engenuity to Evaluate Cybersecurity Products Based on Carbanak and FIN7 Groups

    ATT&CK® Evaluations Effort to Address Threats to Financial Systems McLean, VA, and Bedford, MA, February 20, 2020 — MITRE Engenuity will assess commercial cybersecurity products against the threat posed by the groups commonly known as Carbanak and FIN7. Carbanak and FIN7 have each demonstrated the ability to compromise financial service and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years. Despite the arrest of key members in 2018, Carbanak and FIN7 remain active cyber threats to organizations globally. Cybersecurity vendors may apply for an evaluation via evals@mitre-engenuity.org. The evaluations are paid for by vendors and are intended to help vendors and... Read More video arrow icon
  • Press Release

    MITRE Establishes Engenuity, a Foundation to Foster Private Sector Collaboration on Critical Infrastructure

    MITRE Engenuity to solve complex public challenges in cyber, 5G, and healthcare analytics   McLean, Va., and Bedford, Mass., November 12, 2019 — MITRE has launched a tech foundation to advance its mission of solving problems for a safer world by working with the private sector to strengthen critical infrastructure. The foundation provides MITRE a new pathway to work with industry, academia, and other organizations beyond its work with the federal government. MITRE Engenuity is a distinct, non-profit company with a separate board of directors and private funding. “MITRE has a history of transforming cybersecurity standards, improving aviation safety, and advancing healthcare analytics through our operation of federal research and development centers,” said Jason Providakes, MITRE president and CEO. “Through... Read More video arrow icon
  • Video

    About MITRE Engenuity

    Read More video arrow icon