ATT&CK Evaluations to examine behaviors across ransomware with an introduction to macOS
McLean, Va., and Bedford, Mass., January 30, 2024 — MITRE Engenuity opened its call for participation in ATT&CK® Evaluations, an independent and objective assessment of enterprise cybersecurity solutions. This sixth round of evaluations will examine behaviors that are prevalent across prolific ransomware campaigns and feature an introduction to macOS, specifically focusing on macOS targeting by the Democratic People’s Republic of Korea (DPRK).
“We’re thrilled to broaden the scope of ATT&CK Evaluations to include macOS, emphasizing our commitment to comprehensive, platform-diverse assessments,” said William Booth, general manager, ATT&CK Evals. “This round will feature new insights, with a particular focus on efficiency, including true positive and false positive rates, which more accurately reflect the real-world performance of a tool.”
Through the lens of the MITRE ATT&CK knowledge base, this round of evaluations will focus on key adversary behaviors inspired by ransomware, such as the abuse of legitimate tools and efforts to evade defenses. The macOS emulation will delve into adversary behavior inspired by the DPRK’s shift into developing sophisticated, multi-stage malware.
“We chose to emulate ransomware, as it continues to be one of the most significant cybercriminal threats across industry verticals – one that can lead to devastating outcomes and widespread damage,” said Amy Robertson, principal, cyber threat intelligence analyst, ATT&CK Evals. “The DPRK has emerged as a formidable cyber threat, and they have progressively been expanding their focus to macOS as they work to evade international sanctions. This round will also incorporate multiple smaller emulations, introducing a more nuanced and targeted evaluation of defensive capabilities.”
These open and fair evaluations are part of MITRE Engenuity’s portfolio of programs to help government and industry combat cybersecurity attacks through threat-informed defense practices. The evaluations do not rank vendors and their solutions; however, organizations can use the results to determine which vendors and solutions may best address their own cybersecurity gaps and fit their particular business needs.
Participants must sign up for the evaluations by April 30, 2024. Results of the evaluations will be posted in the fourth quarter of 2024. For results of previous evaluations, visit https://attackevals.mitre-engenuity.org
ABOUT MITRE ENGENUITY
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.
MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense. www.mitre-engenuity.org
ABOUT MITRE ENGENUITY ATT&CK® EVALUATIONS
ATT&CK® Evaluations is built on the backbone of MITRE’s objective insight and conflict-free perspective. Cybersecurity vendors turn to the Evals program to improve their offerings and to provide defenders with insights into their product’s capabilities and performance. Evals enables defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology, using a collaborative, threat-informed, purple-teaming approach that brings together vendors and MITRE experts to evaluate solutions within the context of ATT&CK. In line with MITRE Engenuity’s commitment to serve the public good, Evals results and threat emulation plans are freely accessible. https://attackevals.mitre-engenuity.org/
Media Contact: Lisa Fasold, media@mitre.org
© 2024 MITRE #24-0267 01-30-2024