- Watch Out For the Ruling Trends in Mobile Game App Development
- Essential Tips to Help You Create Successful Game Apps
- Fintech vs Techfin: Where Does the Future of Banking Lies?
- Vulnerability Management Process: The Crucial Way to Maintain Your Cyber Security Posture
- Why React Native Framework is the Right Choice for Hybrid App Development
- Why Do You Need Financial Software Development Service for Your Business
- Importance of Fintech Solutions in This Digital Age
- Learn Why it Important To Integrate Content Marketing & SEO
- How Mobile Apps Are Making A Difference in Real Estate Industry
- 10 Useful Tips to Create Highly Engaging Social Media Content
- Building A Website Gets Easy Without Coding
- Five Main Stages of Game Development
- Top SEO Trends You Must Follow in 2022
- Things to Learn for High-End App Development in 2022
- The Right Strategy to Make Your Mobile App Equipped with Sound Social Networking Tools
- 6 Common Mistakes in Ecommerce Website Development To Avoid
- The Year 2021 and The Challenges In Cybersecurity Industry
- Top Benefits of Having an Impactful UI/ UX Design For Your App
- Useful SEO Tips For Small Businesses Website Optimization
- Know The Different Channels Important To Build Your Online Reputation
- Structured Data: An Important Tool in SEO to Mark Strong Online Presence
- Learn the Different Strategies to Use for B2B Lead Generation in Digital Marketing
- Things to Consider Before Launching Your App in Google Play Store
- Google’s Page Experience Update Now Fully Rolled Out- Here’s What You Can Expect
- 7 Useful Tips to Ensure the Best Android App Development
- Learn Professional Web Development Tips to Build an Efficient Website
- Learn the Effective Ways to Manage Your Online Reputation
- Three Principles Every User Experience Designers Should Follow
- Top 5 Benefits of Integrating Cyber Security Services with Your Business
- Google’s New Safeguards for Minors to Create Safer Space on the Internet
- Benefits of Android Game Development You Must Not Ignore
- Google Removes Safe Browsing and Ad Experience Widgets from Page Experience Ranking Signal Criteria
- Google Changes Eligibility for Fact Check Rich Results
- Why You Need To Hire an Online Reputation Management Company for Your Business
- Complete Guide on 2d and 3d Game Development
- MITRE Engenuity releases first ATT&CK evaluations for Industrial Control Systems Security Tools
- WordPress SEO: 3 Quick and Easy Hacks for PageSpeed & Core Web Vitals
- Researchers Reveal New Trick of Hackers to Disable Macro Security Warnings in Malicious Office Files
- Top PHP Development Tools Leading Website Development Company Uses
- Cloud Security Analysis Solutions: The Next Step to Make Your Data Secure
- Learn How to Optimize Your Site for Google’s Page Experience Update
- Amid Rising Cybersecurity Threat Indian Military Personnel to Get Trained in the US on Cyber Warfare
- How the Network Change in Pandemic Steered to Must Cybersecurity
- 7 Reason You Should Get Mobile App for Your Business
- Google Rolls Out New Spam Algorithm Update: What Changes You Can Expect
- Top 10 Benefits of Unity Game Development
- VPN Attacks: A Rising Threat for Remote Work in the COVID-19 Era
- Google Releases New Framework to Prevent Software Supply Chain Attacks
- GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability
- Read Key Highlights of Google Ads API version 8.0
- Here How the Gaming Giant EA was Hacked
- Know How A Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
- Learn How to Find the Best UI/UX Development Company
- Trends of 2021 Every Top Cyber Security Company in India Follows
- Improve your Conversion Rate with 10 Essential Elements of Good SEO
- Google Announces New Features for App Advertisers to Improve ROI
- FragAttacks: Set of New Vulnerabilities that Expose Nearly All Wi-Fi Devices to Attacks
- Latest Technologies and Trends in Mobile Game App Development
- Babuk – How a Newcomer soon becomes a Growing Ransomware Threat
- 5 Characteristics of the Best Digital Marketing Services Provider
- Here are the Tips to Choose the Best Game App Development Company
- 7 Reasons to do Search Engine Optimization for your Website
- Integrating AI with Cyber Security – Tomorrow of Cyber Security
- How Much Does HIPAA Compliance Cost?
- Best Android Game App Development Company Doesn’t Miss out Following Features
- Effective Voice Search Statistics for 2020
- Android 10: Everything You Need to Know
- How to Make Massive Money with Mobile Apps In 2020
- Drastic boost in mobile gaming during coronavirus lockdown
- Cyber security – A Tool to Address Digital World’s Major Issues; Cyber Attack
- 5 facts to keep in mind before hiring Game app development Company in India.
- Best iOS games app development
MITRE Engenuity releases first ATT&CK evaluations for Industrial Control Systems Security Tools
MITRE Engenuity has recently released results from its first round of independent ATT&CK® Evaluations for Industrial Control Systems (ICS). The evaluations examined how five ICS vendor’s cybersecurity products detected the threat of Russian-linked Triton malware.
TRITON malware is known to target safety systems that prevent operators from responding to failures, hazards and other unsafe conditions, thereby, potentially causing physical destruction, which may lead to fatal consequences. It was developed by Russia’s Central Scientific Research Institute of Chemistry and Mechanics, and used in an attack that shut down a Saudi refinery. It ended with the U.S. Department of Treasury imposing sanctions against the institute.
The evaluations use ATT&CK for Industrial Control Systems (ICS). It’s a MITRE-curated knowledge base of adversary tactics, techniques, and methods based on recognized threats to industrial control systems. There’s a common language offered by ATT&CK for ICS that describes the tactics and techniques used by cyber adversaries while attacking the systems in operating some of the nation’s most critical infrastructures, including energy transmission and distribution plants, oil refineries, wastewater treatment facilities, and more.
The evaluations, which were paid for by the participating vendors, included products from Armis; Claroty; Dragos; the Institute for Information Industry; and Microsoft.
“We chose to emulate the Triton malware because it targets safety systems, which prevent some of the worst consequences from happening when something goes wrong in an industrial control setting,” said Otis Alexander, who leads the ATT&CK Evaluations for ICS. “The amount of publicly reported data from the attacks and the devastating impact of the malware help ensure this is a robust emulation. We hope the evaluations can help organizations find security tools that are best suited to their individual needs.”
There are several other products that offer different approaches to detecting ICS attacks. These evaluations can help security experts to better understand, how to meet the needs of their organization, in the areas that include the stage of attack when the detections occur, the types of data sources that can be collected, and how information may be presented.
Some organizations utilize the time and resources to install and test multiple products to make decisions on what they need to secure their networks. “Our evaluations are intended to take some of the guesswork out of the process and provide clarity about how security products detect adversary activity,” said Alexander.
In addition to the ATT&CK Evaluations for ICS, MITRE Engenuity also evaluates security products for enterprise networks. Recently, MITRE Engenuity conducted an examination of 29 products against the threat from cybercrime groups FIN7 and Carbanak. The evaluations demonstrated the ability to compromise financial service and hospitality organizations, respectively, using malware and tradecraft.
“MITRE Engenuity’s ATT&CK Evaluations program is built on the backbone of MITRE’s integrity and commitment to making the world a safer, more secure place,” said Frank Duff, general manager of the ATT&CK Evaluations program. “Vendors trust us to improve their offerings, and the community trusts that we’ll provide transparency into the technology that is necessary to make the best decisions for their unique environment. Unlike closed-door assessments, we use a purple teaming approach with the vendor to optimize the evaluation process. MITRE experts provide the red team while the vendor provides the blue team to ensure complete visibility while allowing the vendor to learn directly from ATT&CK experts.”
What Vendors Have to Say
Chris Dobrec, vice president of product marketing, Armis: “Armis is thrilled to participate in the first-ever MITRE Engenuity ATT&CK® Evaluations for ICS. The ATT&CK Evaluations help the cybersecurity community by improving security products through real-world tactics and techniques employed by adversaries. This ensures that organizations can actively evaluate ICS security solutions with confidence in order to protect themselves from the latest advances from attackers.”
Grant Geyer, chief product officer, Claroty: “ICS is the new target of choice for cybercriminals and nation-states, as demonstrated by the uptick in cyberattacks on critical infrastructure in recent months, so it’s more important than ever that organizations can ensure that they are equipped to handle this onslaught of attacks. We are honored to participate in the first MITRE Engenuity ATT&CK® Evaluations for ICS, which sets an important new standard for industrial cybersecurity solutions.”
Sergio Caltagirone, vice president of threat intelligence, Dragos, Inc.: “Dragos is excited to have participated in the first-ever MITRE Engenuity ATT&CK Evaluations for ICS. The evaluation process is notable for its approach to impartially testing all participating vendor products so that collectively we can improve the community’s understanding of OT detection. We welcome any opportunity to help build the community knowledge base and are confident that participating in these assessments of detection and protection capabilities contribute to driving our industry forward.”
Yuval Eldar, general manager for IoT/OT security, Microsoft: “As a leader in five Gartner Magic Quadrants and seven Forrester Waves, Microsoft Security is thrilled to be one of a select group of vendors included in the inaugural round of the MITRE Engenuity ATT&CK® Evaluations for ICS. With recent attacks targeting core business operations, community collaboration such as this can help us all create a safer world. We thank MITRE Engenuity for the opportunity to participate in testing our agentless Azure Defender for IoT solution and Azure Sentinel SIEM/SOAR solution. We look forward to our continued partnership and building upon what we learned about the need for a holistic SIEM/XDR view across networks, endpoints, identity, and other domains in our clients’ IT/OT infrastructures.”
About MITRE Engenuity
MITRE Engenuity is a tech foundation that teams up with the private sector on challenges calling for public interest solutions to include cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing, and next-generation communications.