Artificial Intelligence | News | Insights | AiThority

MITRE Engenuity ATT&CK Evaluations Highlights Uptycs’ Ransomware Detection Capabilities

Uptycs, provider of the first cloud-native security analytics platform enabling cloud and endpoint security from a common solution, announced the results of its completed MITRE Engenuity ATT&CK Enterprise Evaluation, Round 4. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups. Wizard Spider is the group behind the infamous Ryuk ransomware family, and Sandworm is the Russian military cyber unit behind the 2017 NotPetya attacks.

“Ransomware is a growing scourge for all types of organizations and the focus of these MITRE Engenuity ATT&CK Evaluations could not come at a more appropriate time,” said Ganesh Pai, Co-founder and CEO at Uptycs. “Security teams can use these evaluation results to identify gaps in their detection coverage. Our strong performance in both the Windows and Linux portions of the evaluation demonstrates how Uptycs helps these security teams to detect even advanced ransomware actors, in addition to the hardening needed to minimize the risk of ransomware in the first place.”


The MITRE Engenuity evaluations team chose to emulate two threat groups that abuse the Data Encrypted for Impact (T1486) technique. In Wizard Spider’s case, the group has used data encryption for extortion, most widely known through the Ryuk ransomware (S0446). Sandworm, on the other hand, used encryption to destroy data, most notably with its NotPetya malware (S0368), which was disguised as ransomware but offered no practical way to recover the encrypted files. While the common thread of this year’s evaluations is “Data Encrypted for Impact,” both groups have substantial public reporting on a broad range of post-exploitation tradecraft, so the emulation covered far more than the final encryption step.


New detection capabilities helped Uptycs perform strongly in the Wizard Spider and Sandworm evaluation, including:

  • Ransomware detection – Uptycs provides generic detection of, and protection against, ransomware attacks on Windows endpoints. The analysis runs on telemetry inside the endpoint agent itself, so protection does not depend on connectivity to the backend and keeps working when the host is offline.
  • Process code injection / DLL injection and process hollowing – Uptycs provides generic detection of process code injection and process hollowing on both Windows and Linux endpoints. Attackers inject code into a trusted running process so that malicious activity appears to originate from a legitimate binary; process hollowing is the variant in which a process is started suspended, its image is replaced in memory with the payload, and it is then resumed.
  • Master boot record (MBR) overwrite – Uptycs provides generic detection of MBR overwrite on Windows endpoints. Overwriting the MBR destroys the boot code at the start of the system disk; adversaries such as Sandworm use it to disrupt operations and leave the system unbootable.
  • Lsass.exe memory credential dumping – To detect attempts to steal credentials, Uptycs provides generic detection of lsass.exe (Local Security Authority Subsystem Service) memory credential dumping on Windows endpoints. Reading lsass memory lets an attacker recover cached credentials and password hashes for lateral movement.


