Cybersecurity

MITRE Engenuity to Evaluate Cybersecurity Products Based on Carbanak and FIN7 Groups

February 20, 2020

ATT&CK® Evaluations Effort to Address Threats to Financial Systems

McLean, VA, and Bedford, MA, February 20, 2020 — MITRE Engenuity will assess commercial cybersecurity products against the threat posed by the groups commonly known as Carbanak and FIN7.
Carbanak and FIN7 have each demonstrated the ability to compromise financial service and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years. Despite the arrest of key members in 2018, Carbanak and FIN7 remain active cyber threats to organizations globally.

Cybersecurity vendors may apply for an evaluation via evals@mitre-engenuity.org. The evaluations are paid for by vendors and are intended to help vendors and end-users better understand their product’s capabilities in relation to MITRE’s publicly accessible ATT&CK® framework. Results will be announced in early 2021. ATT&CK evaluations do not provide scores, ranks, or endorsements.

The evaluations use ATT&CK, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting. ATT&CK is freely available, and is used by cyber defenders in areas including finance, healthcare, energy, manufacturing, retail, and government, to understand adversary behavior and tradecraft.

This latest set of evaluations will be conducted by MITRE Engenuity, a non-profit tech foundation launched last November to collaborate with the private sector on public interest challenges like cybersecurity. As with previous evaluations conducted by MITRE, this set will assess products’ ability to detect tactics and techniques used by the adversary groups in question, with the methodology and resulting data made publicly available so other organizations may benefit as well as provide their own analysis and interpretation. This evaluation will also mark the first time that these same vendors can sign up for an optional extension to their detection evaluation that will exercise their protections related to ATT&CK techniques.

“During the previous evaluations, vendors would note when they believed a protection would have prevented the execution of specific evaluated behaviors. By extending the offering to include protections, the evaluations will be able to definitively say whether this was the case,” said Frank Duff, the ATT&CK Evaluations lead. As with the detection evaluations, the results of these evaluations will be publicly released, giving the users and potential users of these tools clear insights into performance.
The first evaluations examined how products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA, SentinelOne, Cybereason, F-Secure, FireEye, McAfee, and Palo Alto detected the threat posed by APT3, a Chinese group that analysts believe is currently focused on monitoring Hong Kong-based political targets.

The second evaluations examined how products from Bitdefender, Blackberry Cylance, Carbon Black (VMware), CrowdStrike, Cybereason, CyCraft, Endgame (Elastic), F-Secure, FireEye, GoSecure, HanSight, Kaspersky, Malwarebytes, McAfee, Microsoft, Palo Alto Networks, ReaQta, Secureworks, SentinelOne, Symantec (Broadcom), and Trend Micro detected the tactics and techniques of APT29, a group that analysts say operates on behalf of the Russian government and compromised the Democratic National Committee starting in 2015. Results from the APT29 evaluations are expected to be released in late March 2020.

“We’ve heard from companies that have incorporated data from the first evaluations into their purchasing decisions that doing so has enabled them to make better informed decisions faster and at a far lower cost – up to 10 times less than they would have spent evaluating the products entirely on their own,” Duff said. “We’ve worked to make our results more self-explanatory, so that consumers can make decisions even more easily and effectively.”

About MITRE Engenuity
MITRE Engenuity is a non-profit tech foundation that collaborates with the private sector on challenges that require a public interest solution, like cybersecurity, infrastructure resilience, healthcare effectiveness, and next generation communications. www.mitre-engenuity.org

About MITRE
MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. www.mitre.org

Media contact:
Jeremy Singer
info@mitre-engenuity.org