Bitdefender, a cybersecurity provider, said it had achieved 100% coverage of steps in the first MITRE Engenuity ATT&CK Evaluation for security managed services.
The real-world drill was a test of 17 vendors’ ability to analyze and describe adversary behavior. More than half of the organizations in the evaluation use managed security service providers (MSSPs) to protect their data and networks. The data is intended to help organizations determine which service providers best address their cybersecurity gaps and fit their particular business needs.
MITRE ATT&CK Explained
The Adversarial Tactics, Techniques, and Common Knowledge, or MITRE ATT&CK, is a guideline for classifying and describing cyberattacks and intrusions. It is considered the gold standard to describe and analyze a cyberattack.
It consists of 10 steps that make up an attack chain:
- Initial access
- Execution
- Persistence
- Privilege escalation
- Defense evasion
- Credential access
- Discovery
- Lateral movement
- Collection and xfiltration
- Command and control
OilRig Threat Identified
In the Engenuity evaluation for managed services, security service providers participated in a "closed book" version of adversary emulation using tactics, techniques and procedures (TTPs) of OilRig, also known as APT34.
OilRig is a threat crew believed to be tied to the Iranian government that has targeted Middle Eastern and international victims since at least 2014. It has hit the financial, government, energy, chemical and telecommunications sectors. It appears to favor supply chain attacks with social engineering and stolen credentials.
OilArig was chosen based on its evasion and persistence techniques, its complexity and relevance to industry, Bitdefender said.
Each company was evaluated across 10 steps in the framework’s kill chain. Bitdefender said it found malicious activity across all of the evaluation steps.
Here’s a description of the scenario from the MITRE Engenuity website:
OilRig Scenario: Based on OilRig’s custom malware, SideTwist, VALUEVAULT, TwoFace, and RDAT, as well as the use of Mimikatz.
“This scenario begins with a legitimate user downloading and opening a malicious Microsoft Word document received in a spearphishing email. When the document is first opened, the enabled macros drop the SideTwist payload onto the victim host machine. SideTwist will enumerate the victim network and discover several administrator groups.
"After escalating privileges and moving laterally onto an EWS server, the attackers identify a targeted SQL server which stores sensitive critical infrastructure data. OilRig will load the RDAT backdoor onto the SQL server, collect the database backup files, and exfiltrate the chunked data via the EWS API to an attack-controlled email.”
Bitdefender's MDR Evaluation
MITRE Engenuity evaluated Bitdefender Managed Detection and Response (MDR) managed security service. Bitdefender highlights include:
- Complete Coverage of Attack Techniques. Bitdefender MDR reported malicious activity across all 10 MITRE ATT&CK steps for OilRig, including the identification of anomalous adversarial behavior and context of how the attack was performed.
- Outstanding Actionable Reporting. Bitdefender MDR demonstrated concise curated reporting summarizing malicious activities with actionable recommendations. The attention to short digestible reporting helps minimize alert fatigue allowing security teams to pinpoint and eliminate threats faster.
- Powerful Native Technology Stack. Bitdefender MDR achieved its favorable testing results leveraging a native technology stack that serves as a cornerstone for the company’s entire security portfolio. Customers seamlessly integrate threat prevention, endpoint detection and response (EDR) and extended detection and response (XDR) into MDR services without requiring costly add-ons.
Andrei Florescu, deputy general manager and senior vice president of products at Bitdefender Business Solutions Group, celebrated Bitdefender's advancements:
“Our ability to identify attack techniques of advanced adversaries during rigorous real-world tests like MITRE Engenuity validates Bitdefender’s position as a trusted leader in managed detection and response (MDR) services. Beyond effective threat detection, the MITRE ATT&CK Evaluations for Managed Services also revealed that Bitdefender limits unnecessary noise with curated reports and actionable alerts which is what security teams need to quickly take action.”
