Tag Archive for: Mitre

Latest Edition of Mitre Cybersecurity Evaluation Program to Tackle Ransomware, Threats to macOS


Common behaviors associated with ransomware campaigns will be tackled in the sixth round of MITRE Engenuity’s ATT&CK Evaluations, a program that seeks to assess the capabilities and performance of enterprise cybersecurity solutions.

MITRE said Tuesday that applications are already being accepted for the latest round of ATT&CK Evals, whose focus on ransomware stems from the malware type’s persistence as “one of the most significant cybercriminal threats across industry verticals,” according to Amy Robertson, the program’s principal cyber threat intelligence analyst.

Due to the Democratic People’s Republic of Korea targeting macOS, the latest Evals round will also tackle Apple’s laptop and desktop operating system.

“The DPRK has emerged as a formidable cyber threat, and they have progressively been expanding their focus to macOS as they work to evade international sanctions,” Robertson noted.

For his part, ATT&CK Evals General Manager William Booth said he and his organization were thrilled to expand the scope of the program to include macOS, a move that underscores a “commitment to comprehensive, platform-diverse assessments.”

Results of the evaluations will be released in the fourth quarter of 2024. Those interested in undergoing assessment have until April 30 to apply.


Enterprises Unprepared to Defend Against MITRE ATT&CK Techniques


Enterprises lack detections for more than three-quarters of all MITRE ATT&CK techniques, while 12% of SIEM rules are broken and will never fire due to data quality issues including misconfigured data sources and missing fields.

These were among the results of a CardinalOps report which analyzed real-world data from production SIEMs including from Splunk, Microsoft Sentinel, IBM QRadar and Sumo Logic.

The data covered more than 4,000 detection rules, nearly one million log sources and hundreds of unique log source types, spanning industry verticals ranging from banking and financial services to manufacturing and energy. 

The study also indicated that while organizations are implementing “detection-in-depth”—collecting data from multiple security layers including Windows endpoints and email—monitoring of containers lags behind.

Broken Rules

Mike Parkin, senior technical engineer at Vulcan Cyber, said the biggest issue he sees is the number of “broken rules” that will never trigger an event.

“While some of them are undoubtedly edge cases that would have been unlikely to trigger an event in any case, many are almost certainly the result of misconfiguration or broken logic,” he said.

John Gallagher, vice president of Viakoo Labs at Viakoo, said two study findings were particularly concerning.

“While it is encouraging to see there is already sufficient data to detect 94% of potential MITRE ATT&CK techniques, it raises the question of what the missing 6% is and how impactful such attacks might be,” he said.

For example, if the missing 6% resulted in catastrophic damage (e.g., an IoT attack vector that is highly damaging) it might put more focus on achieving higher than 94% coverage. 

He added that “security layers” is a term defined by CardinalOps and is useful for organizations to plan resources and strategies based on their specific organization. “However, it includes containers but not IoT/OT, which seems like a significant oversight,” Gallagher noted.

For example, IoT/OT is used by almost all organizations (more than the 68% who reported using containers) and is less covered by a security layer within their SIEM than containers are.

“Lack of high-fidelity data…


FDA Collaborates with MITRE to update Medical Device Cybersecurity Playbook | Nexsen Pruet, PLLC


On November 14, 2022, under contract with the United States Food and Drug Administration (FDA), the MITRE Corporation (MITRE), an organization that administers the National Cybersecurity Center of Excellence, a federally funded research and development center dedicated to cybersecurity, published an update to the Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook (the “Playbook”). MITRE also published a Quick Start Companion Guide to the Playbook, which is shorter than the Playbook and consists of tables that align with the structure of the Playbook. MITRE, under contract with the FDA, had prepared and published the first version of the Playbook in October 2018, which followed the 2017 WannaCry ransomware attack (the first known ransomware attack to affect networked medical devices). Since the publication of the first version of the Playbook, the healthcare and public health sector has experienced an increasing number of cyber incidents. For instance, from mid-2020 through 2021, 82% of healthcare systems reported a cyberattack, 34% of which reportedly involved ransomware. Moreover, 133 healthcare entities in the United States appeared on a ransomware extortion blog in 2021.

The Playbook is a resource designed primarily for healthcare delivery organizations (HDOs), such as hospitals and large physician practices, and can be incorporated into an HDO’s existing medical device cybersecurity response plan or serve as a starting point for HDOs that have no response plan. The Playbook outlines a framework to assist HDOs, their staff involved in medical device cybersecurity incident preparedness and response, and other stakeholders, such as device manufacturers and other entities that support HDOs’ response efforts, prepare for and respond to medical device-related cybersecurity incidents, helping ensure effectiveness of medical devices and patient care and safety. The framework outlined in the Playbook is designed to provide baseline medical device cybersecurity information for emergency preparedness and response; define roles and responsibilities for internal and external responders; describe a standardized approach to response efforts that…


Mitre expands R&D in Hawaii as US focus on Indo-Pacific intensifies


WASHINGTON — Mitre, which operates federally funded centers that assist the U.S. government with science research, development and systems engineering, said it will open a facility in Hawaii to bolster security and national defense operations in the Indo-Pacific.

This site in Honolulu will support Hawaii and Indo-Pacific priorities of the U.S. Department of Defense, U.S. Indo-Pacific Command, the intelligence community and international allies, while fostering “whole-of-nation” technology collaborations in cybersecurity, transportation, healthcare, veterans services and law enforcement, the not-for-profit said.

The U.S. sees the Pacific as a key strategic region, as Washington works to counter China’s growing influence. The White House Indo-Pacific Strategy, published in February, pledges an extended role in the area, including establishing more resilient command and control and increasing the scope of joint exercises and operations.

“We’re immersed in nearly every aspect of global strategic competition—from countering aggressive military actions by adversary nations, to safeguarding supply chains, accelerating maritime research and innovation, and preparing for the next global health crisis,” said Keoki Jackson, senior vice president, general manager, Mitre National Security, in a statement.

Mitre, which works across six federal R&D centers and more than 200 individual labs, also said it entered into a partnership with UH to identify opportunities for collaborative analysis, engineering and research. The partnership will focus on advancing marine technology, enhancing cyber defense, strengthening climate resilience, addressing natural resource management and testing energy technologies.

The organization has been operating at Ford Island and Camp Smith in Hawaii for almost 50 years. Developing the site at the Kaka’ako Innovation District will double its local workforce, advance STEM education and bolster security in the region, it said.

Last month, Mitre named Cedric Sims to the new role of senior vice president, enterprise innovation and integration, and Austin Y. Wang as vice president, intelligence center, Mitre National Security.

Sims will develop strategies to…
