MITRE Engenuity ATT&CK® Evaluations Highlights Uptycs' Ransomware Detection Capabilities
31 Mar, 2022, 17:58 ET
Fourth round of Evaluations focuses on top ransomware and wiper malware groups, including a Russian cyber military unit
WALTHAM, Mass., March 31, 2022 /PRNewswire/ -- Uptycs, provider of the first cloud-native security analytics platform enabling cloud and endpoint security from a common solution, today announced the results of its completed MITRE Engenuity ATT&CK® Enterprise Evaluation, Round 4. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups. Wizard Spider is responsible for the infamous Ryuk ransomware family, and Sandworm is a Russian cyber military unit behind the 2017 NotPetya attacks.
"Ransomware is a growing scourge for all types of organizations and the focus of these MITRE Engenuity ATT&CK Evaluations could not come at a more appropriate time," said Ganesh Pai, Co-founder and CEO at Uptycs. "Security teams can use these evaluation results to identify gaps in their detection coverage. Our strong performance in both the Windows and Linux portions of the evaluation demonstrates how Uptycs helps these security teams to detect even advanced ransomware actors, in addition to the hardening needed to minimize the risk of ransomware in the first place."
The MITRE Engenuity evaluations team chose to emulate two threat groups that use the Data Encrypted for Impact (T1486) technique. Wizard Spider has used data encryption for extortion, most widely known through the Ryuk ransomware (S0446). Sandworm, on the other hand, has used encryption to destroy data, most notably with its NotPetya malware (S0368), which disguised itself as ransomware. While the common thread of this year's evaluations is "Data Encrypted for Impact," both groups have substantial public reporting on a broad range of post-exploitation tradecraft.
New advanced detection capabilities helped Uptycs perform strongly in the Wizard Spider and Sandworm evaluation, including:
- Ransomware detection - Uptycs provides generic detection and protection against ransomware attacks on Windows operating systems. The analysis runs on telemetry inside the endpoint agent itself rather than depending on a backend, so detection and protection continue when the endpoint is offline.
- Process code injection / DLL injection and process hollowing - Uptycs provides generic detection of process code injection (T1055) and process hollowing (T1055.012) on both Windows and Linux endpoints. Process code injection is a technique in which attackers write malicious code into a trusted running process and execute it there to evade detection; process hollowing is a variant in which a legitimate process is started suspended and its in-memory image is replaced before it runs.
- Master boot record (MBR) overwrite - Uptycs provides generic detection of MBR overwrite on Windows-based endpoints. In this technique (Disk Structure Wipe, T1561.002) adversaries overwrite the first sector of the disk so the system can no longer boot, disrupting operations and rendering the machine unusable.
- Lsass.exe memory credential dumping - To detect attacker attempts to steal credentials, Uptycs provides generic detection of lsass.exe (Local Security Authority Subsystem Service) memory credential dumping (T1003.001) on Windows-based endpoints, the technique behind tools that read LSASS process memory to recover password hashes and tickets.
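The four behaviours in the list above can each be expressed as a simple rule over endpoint telemetry. The following Python is an added illustration written for this page; it is not Uptycs' detection logic and was not part of the evaluation. The event records are constructed, their field names loosely follow Sysmon's (SourceImage, TargetImage, GrantedAccess) but are assumptions, and the allowlist, window and threshold values are placeholders a real deployment would tune.

```python
"""Toy behavioural detectors for LSASS access, process hollowing, MBR overwrite
and ransomware-style mass renames, run over constructed endpoint telemetry.
Example code added to this page; not Uptycs' detection logic."""
from collections import defaultdict

# Windows process access rights from winnt.h (real values).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

# Processes expected to read LSASS memory; an assumed, site-specific allowlist.
LSASS_ALLOWLIST = {r"C:\Windows\System32\csrss.exe", r"C:\Windows\System32\wininit.exe"}

# Constructed telemetry for one endpoint, ordered by timestamp "t" (seconds).
# GrantedAccess is kept as an int here; real Sysmon logs carry it as a hex string.
EVENTS = [
    {"t": 1, "type": "ProcessAccess", "SourceImage": r"C:\Users\bob\procdump.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": 0x1FFFFF},
    {"t": 2, "type": "ProcessAccess", "SourceImage": r"C:\Windows\System32\wininit.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": 0x1010},
    {"t": 3, "type": "ProcessCreate", "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Users\bob\loader.exe", "Suspended": True, "Pid": 4242},
    {"t": 4, "type": "ProcessAccess", "SourceImage": r"C:\Users\bob\loader.exe",
     "TargetPid": 4242, "GrantedAccess": PROCESS_VM_WRITE | PROCESS_CREATE_THREAD},
    # Hypothetical raw-write event; Sysmon itself only logs raw *reads* (Event 9).
    {"t": 5, "type": "RawDiskWrite", "Image": r"C:\Users\bob\wiper.exe",
     "Device": r"\\.\PhysicalDrive0", "Offset": 0, "Length": 512},
] + [
    {"t": 10 + i, "type": "FileRename", "Image": r"C:\Users\bob\crypt.exe",
     "Old": f"C:\\Share\\doc{i}.docx", "New": f"C:\\Share\\doc{i}.docx.locked"}
    for i in range(60)
]


def detect_lsass_dump(events):
    """T1003.001: a non-allowlisted process opens lsass.exe with PROCESS_VM_READ."""
    hits = []
    for e in events:
        if e["type"] != "ProcessAccess":
            continue
        if not e.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            continue
        if e["GrantedAccess"] & PROCESS_VM_READ and e["SourceImage"] not in LSASS_ALLOWLIST:
            hits.append(e["SourceImage"])
    return hits


def detect_process_hollowing(events):
    """T1055.012: a parent creates a child suspended, then obtains write and
    thread-creation rights on that child before it ever ran its own code."""
    suspended = {}  # child pid -> parent image
    hits = []
    needed = PROCESS_VM_WRITE | PROCESS_CREATE_THREAD
    for e in events:
        if e["type"] == "ProcessCreate" and e.get("Suspended"):
            suspended[e["Pid"]] = e["ParentImage"]
        elif e["type"] == "ProcessAccess" and e.get("TargetPid") in suspended:
            if e["SourceImage"] == suspended[e["TargetPid"]] and e["GrantedAccess"] & needed == needed:
                hits.append((e["SourceImage"], e["TargetPid"]))
    return hits


def detect_mbr_overwrite(events):
    """T1561.002: any raw write to a physical drive that touches sector 0 (bytes 0-511)."""
    return [e["Image"] for e in events
            if e["type"] == "RawDiskWrite"
            and e["Device"].startswith(r"\\.\PhysicalDrive")
            and e["Offset"] < 512]


def detect_mass_rename(events, window=30, threshold=20):
    """T1486 heuristic: one process changes the extension of at least `threshold`
    files inside a sliding `window` of seconds (a burst, not a steady trickle)."""
    by_proc = defaultdict(list)
    for e in events:
        if e["type"] == "FileRename":
            if e["Old"].rsplit(".", 1)[-1] != e["New"].rsplit(".", 1)[-1]:
                by_proc[e["Image"]].append(e["t"])
    hits = []
    for image, times in by_proc.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.append(image)
                break
    return hits


if __name__ == "__main__":
    for name, fn in [("lsass", detect_lsass_dump), ("hollowing", detect_process_hollowing),
                     ("mbr", detect_mbr_overwrite), ("ransomware", detect_mass_rename)]:
        print(f"{name}: {fn(EVENTS)}")
```

Each rule is deliberately keyed on behaviour rather than on a file hash or process name, which is why it keeps working when the tooling changes: procdump, a renamed copy of it, or a custom dumper all need PROCESS_VM_READ on lsass.exe, and any hollowing loader needs write and thread rights on a child it created suspended. The cost of that generality is the allowlist and thresholds, which are where false positives are tuned in practice.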
For full results and more information about the evaluations, please visit: https://attackevals.mitre-engenuity.org/enterprise/wizard-spider-and-sandworm/.
Sign up for our Uptycs Live webinar to learn more about our participation in the MITRE ATT&CK Evaluations and how our solution protects against ransomware.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE's mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.
MITRE Engenuity brings MITRE's deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.
About Uptycs
Uptycs provides the first unified, cloud-native security analytics platform that enables both cloud and endpoint security from a common solution. The solution provides a unique telemetry-powered approach to address multiple use cases, including Extended Detection & Response (XDR), Cloud Workload Protection (CWPP), and Cloud Security Posture Management (CSPM). Uptycs enables security professionals to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.