Bitdefender, a cybersecurity vendor, said it achieved 100% coverage of the attack stages in the first MITRE Engenuity ATT&CK Evaluation for managed security services.
The exercise tested 17 vendors' ability to analyze and describe adversary behavior. More than half of the organizations assessed use managed security service providers (MSSPs) to protect their data and networks, and the evaluation data is intended to help organizations determine which service providers best fill their cybersecurity gaps and meet their particular business needs.
MITRE ATT&CK Explained
Adversarial Tactics, Techniques, and Common Knowledge, or MITRE ATT&CK, is a framework for classifying and describing cyberattacks and intrusions. It is considered the gold standard for describing and analyzing a cyberattack.
The evaluation covers 10 steps that together make up an attack chain, including:
- Initial Access
- Privilege Escalation
- Defense Evasion
- Credential Access
- Lateral Movement
- Collection and Exfiltration
- Command and Control
OilRig Threat Identified
In the Engenuity evaluation for managed services, security service providers took part in a "closed-book" adversary emulation built on the Tactics, Techniques, and Procedures (TTPs) of OilRig, also known as APT34.
OilRig is a threat group suspected of links to the Iranian government that has targeted victims in the Middle East and abroad since at least 2014. It has hit the financial, government, energy, chemical and telecommunications sectors, and it appears to favor supply chain attacks combined with social engineering and stolen credentials.
OilRig was chosen because of its evasion and persistence techniques, its complexity and its industry relevance, Bitdefender said.
Each company was assessed on 10 stages of the framework's kill chain. Bitdefender said it detected malicious activity through every stage of the assessment.
Here is the description of the scenario from the MITRE Engenuity website:
OilRig Scenario: based on OilRig's custom malware SideTwist, VALUEVAULT, TwoFace, and RDAT, as well as the use of Mimikatz.
“This scenario begins with a legitimate user downloading and opening a malicious Microsoft Word document received in a spear-phishing email. When the document is first opened, enabled macros drop the SideTwist payload on the victim host machine. SideTwist will enumerate the victim network and discover several administrator groups.
“After escalating privileges and moving laterally to an EWS server, attackers identify a targeted SQL server that stores sensitive critical infrastructure data. OilRig will load the RDAT backdoor on the SQL server, collect database backup files and exfiltrate the fragmented data through the EWS API to an attacker-controlled email account.”
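The first two stages of the scenario above (a macro-enabled Word document dropping a payload, then enumeration of administrator groups) are the kind of behavior an MDR service has to surface from endpoint telemetry. As an added example, not code from the article, MITRE Engenuity or Bitdefender, here is a small Python triage routine that runs over constructed process-creation events and groups the hits by stage, so each stage yields one report line rather than one alert per event. The event format and the sample command lines are assumptions.

```python
import re

# Constructed process-creation events, in the shape an EDR sensor would log
# them: (parent process, child process, command line). Not real telemetry.
SAMPLE_EVENTS = [
    ("explorer.exe", "WINWORD.EXE", r'WINWORD.EXE /n "C:\Users\alice\Downloads\invoice.docx"'),
    ("WINWORD.EXE", "cmd.exe", r'cmd.exe /c "%TEMP%\update.exe"'),
    ("update.exe", "net.exe", 'net group "Domain Admins" /domain'),
    ("update.exe", "net.exe", "net localgroup administrators"),
    ("svchost.exe", "net.exe", "net use"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Enumeration of privileged groups, matching the scenario's
# "discover several administrator groups" step.
ADMIN_GROUP_RE = re.compile(
    r'\bnet1?(?:\.exe)?\s+(?:local)?group\s+"?(?:domain admins|administrators|enterprise admins)\b',
    re.IGNORECASE,
)

def classify(parent, child, cmdline):
    """Return the scenario stages a single event matches (possibly none)."""
    stages = []
    # Stage 1: a Word document's macro drops and runs a payload, which shows up
    # as an Office process spawning a shell or script host.
    if parent.lower() in OFFICE_APPS and child.lower() in SCRIPT_HOSTS:
        stages.append("Initial Access")
    # Follow-on: the dropped payload enumerates administrator groups.
    if ADMIN_GROUP_RE.search(cmdline):
        stages.append("Discovery")
    return stages

def triage(events):
    """Group matching command lines by stage: one summary entry per stage
    instead of one alert per event, which keeps the report short."""
    report = {}
    for parent, child, cmdline in events:
        for stage in classify(parent, child, cmdline):
            report.setdefault(stage, []).append(cmdline)
    return report

if __name__ == "__main__":
    for stage, cmds in triage(SAMPLE_EVENTS).items():
        print(f"{stage}: {len(cmds)} event(s); first: {cmds[0]}")
```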
Bitdefender MDR Evaluation
MITRE Engenuity evaluated the Bitdefender Managed Detection and Response (MDR) service. Bitdefender's highlights include:
- Full coverage of attack techniques. Bitdefender MDR reported malicious activity across all 10 MITRE ATT&CK stages of the OilRig emulation, including identifying anomalous adversary behavior and the context of how the attack was carried out.
- Exceptional actionable reports. Bitdefender MDR presented concise, organized reports summarizing malicious activity with actionable recommendations. Short, understandable reports help minimize alert fatigue, enabling security teams to identify and eliminate threats faster.
- Powerful native technology stack. Bitdefender MDR achieved its results by leveraging a native technology stack that serves as the cornerstone of the company's entire security portfolio. Customers integrate threat prevention, endpoint detection and response (EDR), and extended detection and response (XDR) into MDR services without requiring expensive add-ons.
Andrei Florescu, Deputy General Manager and Senior Vice President of Products at Bitdefender Business Solutions Group, commented on the results:
“Our ability to identify advanced adversary attack techniques in rigorous real-world testing like MITRE Engenuity confirms Bitdefender’s position as the trusted leader in managed detection and response (MDR) services. Beyond effective threat detection, the MITRE ATT&CK assessments for managed services also revealed that Bitdefender limits unnecessary noise with organized reporting and actionable alerts, which security teams need to act quickly.”