MITRE Engenuity ATT&CK® Evaluations Highlight Uptycs Ransomware Detection Capabilities
The fourth round of evaluations focuses on major ransomware and wiper malware groups, including a Russian cyber-military unit
WALTHAM, Mass., March 31, 2022 /PRNewswire/ — Uptycs, provider of the first cloud-native security analytics platform enabling cloud and endpoint security from a common solution, today announced the results of its MITRE Engenuity ATT&CK® Enterprise Evaluation, Round 4. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups. Wizard Spider is responsible for the infamous Ryuk ransomware family, and Sandworm is a Russian cyber-military unit behind the 2017 NotPetya attacks.
“Ransomware is a growing scourge for all types of organizations and the focus of these MITRE Engenuity ATT&CK evaluations couldn’t come at a more appropriate time,” said Ganesh Pai, co-founder and CEO of Uptycs. “Security teams can use these evaluation results to identify gaps in their detection coverage. Our strong performance in the Windows and Linux portions of the evaluation demonstrates how Uptycs helps these security teams detect even advanced ransomware actors, in addition to the hardening necessary to minimize the risk of ransomware in the first place.”
The MITRE Engenuity evaluation team chose to emulate two threat groups that abuse the Data Encrypted for Impact (T1486) technique. In the case of Wizard Spider, they used data encryption for ransomware, most notoriously with the Ryuk malware (S0446). Sandworm, on the other hand, has used encryption for data destruction, perhaps most notably with its NotPetya malware (S0368), which disguised itself as ransomware. While the common thread in this year’s evaluations is “Data Encrypted for Impact”, both groups are well documented across a wide range of post-exploitation tradecraft.
New advanced detection capabilities helped Uptycs perform well in the Wizard Spider and Sandworm evaluation, including:
- Ransomware detection – Uptycs provides generic detection and protection against ransomware attacks on Windows operating systems. The capability analyzes telemetry inside the endpoint agent itself, so protection continues to work when the endpoint is offline.
- Process code injection / DLL injection and process hollowing – Uptycs provides generic detection of code injection and process hollowing on Windows and Linux endpoints. Process code injection is a technique attackers use to place malicious code inside a trusted running process in order to evade detection.
- Master Boot Record (MBR) overwrite – Uptycs provides generic MBR overwrite detection on Windows endpoints. MBR overwriting is a technique adversaries use to disrupt operations and render the system unbootable.
- LSASS memory credential dumping – To detect attackers’ attempts to steal credentials, Uptycs provides generic detection of lsass.exe (Local Security Authority Subsystem Service) memory dumps on Windows endpoints.
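The four behaviours listed above are the kind of thing a generic endpoint detector keys on. The script below is an added example written for this page, not Uptycs code and not a description of how the Uptycs agent actually works: it runs simple rules over a constructed, Sysmon-like event stream (the event schema, the field names, the LSASS reader allowlist and the rename threshold are all assumptions), flagging a non-allowlisted process that opens lsass.exe with PROCESS_VM_READ, a thread created in a foreign process, a raw write to the first sector of PhysicalDrive0, and a burst of file renames that change the extension. The ATT&CK IDs in the alert labels are the real ones for those techniques.

```python
"""Toy behavioural detector over constructed endpoint events (added example, not vendor code)."""
import os
from collections import Counter

# Process access rights from winnt.h; a credential dumper needs at least VM_READ on lsass.exe.
PROCESS_VM_READ = 0x0010

# Assumption: a few system binaries that legitimately open LSASS. Real deployments tune this.
LSASS_READER_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}

MBR_SIZE = 512            # the MBR is the first sector of the disk
RENAME_THRESHOLD = 5      # assumption: extension-changing renames per process before alerting


def detect(events):
    """Return a list of (label, source_image) alerts for the constructed event stream."""
    alerts = []
    rename_counts = Counter()
    for e in events:
        kind = e["type"]
        src = e.get("source_image", "").lower()

        if kind == "process_access":
            # T1003.001: non-allowlisted process reads LSASS memory.
            target = e["target_image"].lower()
            if (target.endswith(r"\lsass.exe")
                    and e["granted_access"] & PROCESS_VM_READ
                    and src not in LSASS_READER_ALLOWLIST):
                alerts.append(("T1003.001 LSASS memory read", src))

        elif kind == "create_remote_thread":
            # T1055: a thread started in a process other than the creator is the
            # classic injection footprint.
            if src != e["target_image"].lower():
                alerts.append(("T1055 remote thread in foreign process", src))

        elif kind == "raw_device_write":
            # T1561.002: a write that touches sector 0 of the boot disk overwrites the MBR.
            dev = e["device"].lower()
            if dev.startswith(r"\\.\physicaldrive") and e["offset"] < MBR_SIZE:
                alerts.append(("T1561.002 MBR sector write", src))

        elif kind == "file_rename":
            # T1486: ransomware typically rewrites many files to a new extension quickly.
            old_ext = os.path.splitext(e["old_path"])[1].lower()
            new_ext = os.path.splitext(e["new_path"])[1].lower()
            if old_ext != new_ext:
                rename_counts[src] += 1
                if rename_counts[src] == RENAME_THRESHOLD:
                    alerts.append(("T1486 mass extension rewrite", src))
    return alerts


# Constructed sample events: one benign LSASS open, then one instance of each attack behaviour.
SAMPLE_EVENTS = [
    {"type": "process_access", "source_image": r"C:\Windows\System32\svchost.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": 0x1000},
    {"type": "process_access", "source_image": r"C:\Users\bob\AppData\Local\Temp\dumper.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": 0x1FFFFF},
    {"type": "create_remote_thread", "source_image": r"C:\Users\bob\Downloads\loader.exe",
     "target_image": r"C:\Windows\explorer.exe"},
    {"type": "raw_device_write", "source_image": r"C:\Users\bob\Downloads\wiper.exe",
     "device": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
] + [
    {"type": "file_rename", "source_image": r"C:\Users\bob\Downloads\enc.exe",
     "old_path": fr"C:\Users\bob\Documents\doc{i}.docx",
     "new_path": fr"C:\Users\bob\Documents\doc{i}.docx.ryk"}
    for i in range(RENAME_THRESHOLD)
]

if __name__ == "__main__":
    for label, source in detect(SAMPLE_EVENTS):
        print(f"{label:45s} {source}")
```

The benign svchost.exe open of LSASS is suppressed both because it is allowlisted and because its access mask lacks VM_READ; the other four events each produce exactly one alert. A production rule set would add the obvious refinements (signer checks instead of path allowlists, a time window on the rename counter, PROCESS_VM_WRITE plus CREATE_THREAD rights on the injection rule), but the structure is the same.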
For the full results and more information on the evaluations, please visit: https://attackevals.mitre-engenuity.org/enterprise/wizard-spider-and-sandworm/.
Sign up for our Uptycs Live webinar to learn more about our participation in the MITRE ATT&CK evaluations and how our solution protects against ransomware.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a technology foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to address the security, stability and well-being challenges of our nation.
MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government cannot solve alone. MITRE Engenuity catalyzes the collective R&D strength of the entire U.S. federal government, universities, and private sector to address national and global challenges, such as protecting critical infrastructure, building a resilient semiconductor ecosystem, building a Genome Center for the public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.
Uptycs provides the first unified, cloud-native security analytics platform that enables both cloud and endpoint security from a common solution. The solution provides a unique telemetry-based approach to address multiple use cases, including Extended Detection & Response (XDR), Cloud Workload Protection (CWPP), and Cloud Security Posture Management (CSPM). Uptycs enables security professionals to quickly prioritize, investigate, and respond to potential threats across an enterprise’s entire attack surface.