ATT&CK Evaluations Emulate Wizard Spider and Sandworm Threat Groups
Amsterdam, the Netherlands – March 31, 2022 – ReaQta, an IBM Company, and MITRE Engenuity, today announced the results of its completed MITRE Engenuity ATT&CK® Evaluation for ReaQta. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups.
This marks the third time that ReaQta, an IBM Company, has successfully completed the ATT&CK Evaluations with top-quality alerts, showing ReaQta’s capabilities in delivering world-class protection against even the most complex attacks in real-time without human intervention.
MITRE ATT&CK Evaluations prioritizes threats that offer unique impact to businesses and governments worldwide. Through the lens of the ATT&CK knowledge base, Evals focused on two threat actors, Wizard Spider and Sandworm. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a destructive Russian threat group that is known for carrying out infamous attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017’s NotPetya attacks. These two threat actors were chosen based on their complexity, relevancy to the market, and how well MITRE Engenuity’s staff can fittingly emulate the adversary.
“We are pleased to participate in ReaQta’s third round of ATT&CK evaluations, which is another valuable opportunity for us to publicly and rigorously test ReaQta against real-world attack scenarios,” said Alberto Pelliccione, CEO at ReaQta. “ReaQta was designed to be a powerful, blazing fast autonomous detection and response platform to halt even the most advanced cyber threats, while simplifying endpoint security for any security team. We applaud and appreciate the work of MITRE Engenuity in helping organizations to make informed decisions with these evaluations and will continue to bring forth innovative and algorithmic approaches to help defenders regain their edge over attackers.”
“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan acting General Manager of ATT&CK Evaluations at MITRE Engenuity.
The Evals team chose to emulate two threat groups that abuse the Data Encrypted For Impact (T1486) technique. In Wizard Spider’s case, they have leveraged data encryption for ransomware, including the widely known Ryuk malware (S0446). Sandworm, on the other hand, leveraged encryption for the destruction of data, perhaps most notably with their NotPetya malware (S0368) that disguised itself as ransomware. While the common thread to this year’s evaluations is “Data Encrypted for Impact,” both groups have substantial reporting on a broad range of post-exploitation tradecraft.
ReaQta is an autonomous detection and response platform that leverages an innovative Dynamic Behavioral Analysis approach to identify and block even the most advanced zero day threats, which includes in-memory malware and ransomware attacks.
ReaQta achieved full and real-time detection coverage, out-of-the-box with no configuration changes throughout the entire evaluation process. Emerging with high fidelity alerts, ReaQta’s detections and correlations were done autonomously at blazing fast speeds.
For full results and more information about the evaluations, please visit: https://attackevals.mitre-engenuity.org/enterprise/wizard-spider-and-sandworm/.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.
MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.
About ReaQta, an IBM Company
ReaQta, an IBM company, is a top-tiered AI Autonomous Detection & Response platform, built by an elite group of cyber security experts and AI/ML researchers. Built with advanced automated threat-hunting features, ReaQta allows organizations to eliminate the most advanced threats in real-time. As experts in AI and behavioral analysis, ReaQta’s proprietary dual-AI engines provide organizations across all industries with autonomous, real-time and fully customizable endpoint security, minus the complexity. As a result of automation coupled with intuitive design, ReaQta’s customers and partners benefit from performance improvements and are now able to manage and secure more endpoints without the need for highly skilled staff. For more information, visit https://ReaQta.com
Elizabeth Lee, Communications Manager | firstname.lastname@example.org