MITRE ATT&CK Explained
The Adversarial Tactics, Techniques, and Common Knowledge framework, or MITRE ATT&CK, is a knowledge base for classifying and describing the tactics and techniques adversaries use in cyberattacks and intrusions. It is widely regarded as the standard vocabulary for describing and analyzing an attack. The evaluation described below does not test the framework as a whole; it emulates one adversary's attack chain in 10 steps and records what each provider detected and reported at each step.

OilRig Threat Identified
In the Engenuity evaluation for managed services, security service providers took part in a "closed book" adversary emulation (providers were not told in advance which adversary would be emulated) built on the tactics, techniques and procedures (TTPs) of OilRig, also known as APT34. OilRig is a threat group believed to be tied to the Iranian government that has targeted Middle Eastern and international victims since at least 2014. It has hit the financial, government, energy, chemical and telecommunications sectors. It appears to favor supply chain attacks combined with social engineering and stolen credentials.

OilRig was chosen for its evasion and persistence techniques, its complexity and its relevance to industry, Bitdefender said. Each company was evaluated across the 10 steps of the emulated attack chain. Bitdefender said it found malicious activity across all of the evaluation steps.

Here's a description of the scenario from the MITRE Engenuity website:

OilRig Scenario: Based on OilRig's custom malware, SideTwist, VALUEVAULT, TwoFace, and RDAT, as well as the use of Mimikatz.

“This scenario begins with a legitimate user downloading and opening a malicious Microsoft Word document received in a spearphishing email. When the document is first opened, the enabled macros drop the SideTwist payload onto the victim host machine. SideTwist will enumerate the victim network and discover several administrator groups.
“After escalating privileges and moving laterally onto an EWS server, the attackers identify a targeted SQL server which stores sensitive critical infrastructure data. OilRig will load the RDAT backdoor onto the SQL server, collect the database backup files, and exfiltrate the chunked data via the EWS API to an attack-controlled email.”
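As an added illustration (not part of the original article or of MITRE Engenuity's published evaluation material), the Python below sketches two of the detections an MDR provider would need for the scenario quoted above: an Office application spawning a dropped executable (the macro stage) and a burst of same-size attachments leaving one mailbox for an external address through the mail server (the chunked exfiltration stage). The telemetry is constructed sample data, the field names and thresholds are assumptions, and the ATT&CK technique IDs are the editor's own mapping of the narrative, not MITRE's scoring of the evaluation.

```python
"""Toy detections for two steps of the OilRig emulation (added example).

All events below are constructed sample telemetry, not real logs. Field
names loosely follow Sysmon process-creation and mail-transport logs but
are assumptions. ATT&CK IDs are the editor's mapping, not MITRE's scoring.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events (parent image, new image, command line).
PROCESS_EVENTS = [
    {"ts": "2023-03-01T09:00:05", "host": "WS01", "parent": "WINWORD.EXE",
     "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\SideTwist.exe",
     "cmdline": "SideTwist.exe"},
    {"ts": "2023-03-01T09:00:07", "host": "WS01", "parent": "SideTwist.exe",
     "image": "C:\\Windows\\System32\\net.exe",
     "cmdline": 'net group "Domain Admins" /domain'},
    {"ts": "2023-03-01T09:03:00", "host": "WS01", "parent": "explorer.exe",
     "image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "cmdline": "WINWORD.EXE report.docx"},
]

# Constructed mail-transport events: (timestamp, sender mailbox, recipient, attachment bytes).
EWS_SEND_EVENTS = [
    ("2023-03-01T11:20:00", "svc_sql@corp.example", "drop@attacker.example", 5_242_880),
    ("2023-03-01T11:20:30", "svc_sql@corp.example", "drop@attacker.example", 5_242_880),
    ("2023-03-01T11:21:00", "svc_sql@corp.example", "drop@attacker.example", 5_242_880),
    ("2023-03-01T11:21:30", "svc_sql@corp.example", "drop@attacker.example", 5_242_880),
    ("2023-03-01T11:22:00", "svc_sql@corp.example", "drop@attacker.example", 1_048_576),  # final, smaller chunk
    ("2023-03-01T11:25:00", "bob@corp.example", "partner@vendor.example", 204_800),       # benign
]

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
GROUP_ENUM_PREFIXES = ("net group", "net localgroup")


def detect_office_child(events):
    """Office application launching a process outside its own install directory.

    A macro dropping and running a payload looks exactly like this;
    maps to T1204.002 (User Execution: Malicious File).
    """
    return [(e["ts"], e["host"], "T1204.002", e["image"]) for e in events
            if e["parent"].upper() in OFFICE_PARENTS and "Microsoft Office" not in e["image"]]


def detect_group_enum(events):
    """net.exe enumerating domain or local groups: T1069.002 (Domain Groups)."""
    return [(e["ts"], e["host"], "T1069.002", e["cmdline"]) for e in events
            if e["cmdline"].lower().startswith(GROUP_ENUM_PREFIXES)]


def detect_chunked_exfil(events, min_msgs=4, window=timedelta(minutes=10),
                         internal_domain="corp.example"):
    """Burst of near-identical attachments from one mailbox to one external address.

    Splitting a backup into fixed-size pieces is T1030 (Data Transfer Size
    Limits); the mail server is the exfiltration channel. Returns one alert
    per (sender, recipient) pair with message count and total bytes sent.
    """
    by_pair = defaultdict(list)
    for ts, sender, rcpt, size in events:
        if rcpt.rsplit("@", 1)[-1] != internal_domain:          # external recipients only
            by_pair[(sender, rcpt)].append((datetime.fromisoformat(ts), size))
    alerts = []
    for (sender, rcpt), msgs in by_pair.items():
        msgs.sort()
        sizes = [s for _, s in msgs]
        most_common_count = Counter(sizes).most_common(1)[0][1]
        in_window = msgs[-1][0] - msgs[0][0] <= window
        # Uniform size on all but the last chunk is the fingerprint of a chunked upload.
        if len(msgs) >= min_msgs and in_window and most_common_count >= min_msgs - 1:
            alerts.append((sender, rcpt, len(msgs), sum(sizes)))
    return alerts


if __name__ == "__main__":
    for alert in detect_office_child(PROCESS_EVENTS) + detect_group_enum(PROCESS_EVENTS):
        print("process alert:", alert)
    for alert in detect_chunked_exfil(EWS_SEND_EVENTS):
        print("exfil alert:", alert)
```

The exfiltration heuristic deliberately keys on the uniform chunk size rather than on total volume, because a single large backup would be split into pieces small enough to pass the mail server's attachment limit; the last piece is allowed to differ. In production the same logic would run over the EWS or transport logs the provider already collects, and the internal domain, window and minimum message count would be tuned to the tenant.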
Bitdefender's MDR Evaluation
MITRE Engenuity evaluated Bitdefender's Managed Detection and Response (MDR) managed security service. Bitdefender highlights include:

“Our ability to identify attack techniques of advanced adversaries during rigorous real-world tests like MITRE Engenuity validates Bitdefender's position as a trusted leader in managed detection and response (MDR) services. Beyond effective threat detection, the MITRE ATT&CK Evaluations for Managed Services also revealed that Bitdefender limits unnecessary noise with curated reports and actionable alerts, which is what security teams need to quickly take action.”