Fourth round of Evaluations focus on top ransomware and wiper malware groups, including Russian cyber military unit
Uptycs, provider of the first cloud-native security analytics platform enabling cloud and endpoint security from a common solution, announced the results of its completed MITRE Engenuity ATT&CK® Enterprise Evaluation, Round 4. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups. Wizard Spider is responsible for the infamous Ryuk ransomware family, and Sandworm is a Russian cyber military unit behind the 2017 NotPetya attacks.
Marketing Technology News: MarTech Interview with Paul Lewis, CMO at Adzuna
“Ransomware is a growing scourge for all types of organizations and the focus of these MITRE Engenuity ATT&CK Evaluations could not come at a more appropriate time,” said Ganesh Pai, Co-founder and CEO at Uptycs. “Security teams can use these evaluation results to identify gaps in their detection coverage. Our strong performance in both the Windows and Linux portions of the evaluation demonstrate how Uptycs helps these Security teams to detect even advanced ransomware actors, in addition to the hardening needed to minimize the risk of ransomware in the first place.”
The MITRE Engenuity evaluations team chose to emulate two threat groups that abuse the Data Encrypted For Impact (T1486) technique. In Wizard Spider’s case, they have leveraged data encryption for ransomware, including the widely known Ryuk malware (S0446). Sandworm, on the other hand, leveraged encryption for the destruction of data, perhaps most notably with their NotPetya malware (S0368) that disguised itself as ransomware. While the common thread to this year’s evaluations is “Data Encrypted for Impact,” both groups have substantial reporting on a broad range of post-exploitation tradecraft.
New advanced detection capabilities helped Uptycs perform strongly in the Wizard Spider and Sandworm evaluation, including:
- Ransomware detection – Uptycs provides generic detection and protection against ransomware attacks on Windows operating systems. The capability analyzes telemetry inside the endpoint agent so it can protect against the attacks in offline mode.
- Process code injection / DLL injection and process hollowing – Uptycs provides generic detection to process code injection and process hollowing on both Windows and Linux endpoints. Process code injection is a technique used by attackers to inject malicious code inside a trusted running process to evade detection.
- Master boot record (MBR) overwrite – Uptycs provides generic detection of MBR overwrite on Windows-based endpoints. MBR overwrite is a technique used by adversaries where the goal is to disrupt operations and make the system unusable.
- Lsass.exe memory credential dumping – To detect attacker attempts to steal credentials, Uptycs provides generic detection of lsass.exe (Local Security Authority Subsystem Service) memory credential dumping on Windows-based endpoints.
Marketing Technology News: AdPlayer.Pro Outstream Video Ads Solutions Provider To Expand its Format Portfolio