

MITRE Engenuity ATT&CK Evaluations Enterprise Begins Execution with a Focus on Ransomware with an Introduction to macOS

The ATT&CK Evaluations Enterprise Call for Participation has closed. This round will examine behaviors across ransomware, along with adversary behavior on macOS inspired by the Democratic People’s Republic of Korea (DPRK). We would like to recognize the following participants in this sixth round of Enterprise evaluations: AhnLab, Bitdefender, Check Point, Cisco Systems, CrowdStrike, Cybereason, Cynet, ESET, HarfangLab, IBM, Malwarebytes, Microsoft, Palo Alto Networks, Qualys, SentinelOne, Sophos, TEHTRIS, Trellix, Trend Micro, WatchGuard, and WithSecure.

Two distinct adversary focus areas – increased platform scope and additional efficiency metrics – will more accurately represent the real-world performance and cost of security of the participants’ offerings than ever before.

The evaluations will run through the third quarter of this year, with results scheduled for publication in the fourth quarter of 2024. We look forward to working with this cohort in continuing a more collaborative and threat-informed approach to cybersecurity.


Ransomware remains one of the most significant global cybercriminal threats across all industries. In response to evolving defensive capabilities, ransomware operators are continuously adjusting their activities within an ecosystem shaped by advancing technology and ransomware-as-a-service (RaaS) models. The evolution to the more adaptable RaaS model reduces barriers to entry for malicious groups, eliminating the need for custom malware and enabling less experienced operators to successfully target organizations.

Through the lens of the MITRE ATT&CK knowledge base, this round of evaluations will focus on key adversary behaviors inspired by ransomware; the macOS emulation will delve into adversary behavior inspired by the DPRK’s shift into developing sophisticated, multi-stage malware.

For a more comprehensive overview of detection categories and the details of this round, visit https://attackevals.mitre-engenuity.org/enterprise/er6/

What’s Next?

These objective and impartial evaluations are part of MITRE Engenuity’s portfolio of programs to help government and industry combat cybersecurity attacks through threat-informed defense practices. The evaluations do not rank vendors and their solutions; however, organizations can use the results to determine which vendors and solutions may best address their own cybersecurity requirements and fit their particular business needs. Stay tuned to ATT&CK Evaluations news for Enterprise results later this year, and other updates before then.