Virtualization Technology News and Information
CardinalOps Recognized for Contributing Security Research to MITRE ATT&CK v12
CardinalOps announced that its security research team contributed to the development of MITRE's latest release of ATT&CK for Enterprise (v12).  

The new version of ATT&CK for Enterprise contains 14 Tactics, 193 Techniques, 401 Sub-techniques, and 135 adversary Groups. CardinalOps security researcher Liran Ravich researched and documented a new sub-technique used by adversaries to bypass multi-factor authentication (MFA). 

Detecting the new sub-technique, named "T1556.006: Modify Authentication Process: Multi-Factor Authentication," is an important control for implementing a zero-trust strategy. It appears in three separate tactics: Credential Access, Defense Evasion, and Persistence. Additionally, it applies to securing a range of platforms including Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, and macOS. 

CardinalOps' past contributions to MITRE ATT&CK include providing "T1566.002: Phishing: Spearphishing Link" and "T1608.001: Stage Capabilities: Upload Malware." Detecting these sub-techniques is important for identifying ransomware attacks in their early stages, for example. 

According to industry analyst firm ESG, 89% of organizations are now using the MITRE ATT&CK framework to reduce risk for security operations use cases, including as a guideline for detection engineering, for applying threat intelligence to alert triage, and for gaining a better understanding of adversary tactics, techniques, and procedures.

In particular, ATT&CK is an essential standard framework for implementing an adversary- and threat-informed defense, whereby SecOps experts proactively identify and prioritize new detection logic based on the adversary techniques most relevant to their organizations.

As part of SOC Modernization initiatives, this approach leverages both automation and human creativity to reduce risk. It delivers a more strategic approach to strengthening your detective posture than a reactive approach, which is often driven by a host of ad hoc and constantly changing inputs from other teams in the organization.

"We're honored to be collaborating with MITRE to strengthen ATT&CK in new ways that help the defender community - across all organizations," said Yair Manor, CTO and co-founder of CardinalOps. "Our security research team benefits from the nation-state expertise that its members have developed during their careers. We'll continue to leverage their insights to help our customers continuously measure their detection posture and eliminate detection coverage gaps with MITRE ATT&CK as the standard underlying framework." 

Published Thursday, November 17, 2022 11:01 AM by David Marshall