MITRE Engenuity: ATT&CK Evaluations to Assess Cybersecurity Products Against Data Encryption Threats

March 16, 2021

MITRE Engenuity will assess commercial cybersecurity products’ ability to detect the threat posed by the groups commonly known as Sandworm and Wizard Spider, both of whom have used data encryption as a key element of their attacks. Applications for evaluation are available through May 28. 

Analysts believe that Sandworm used data encryption to inflict more than $10 billion in damage on industry in attacks with its NotPetya malware. The group is also widely suspected of attacks that have shut down the Ukrainian electrical grid on multiple occasions. Wizard Spider has reportedly used data encryption to steal more than $150 million through ransomware attacks.

The evaluations will use ATT&CK®, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting. ATT&CK is freely available and is used by cyber defenders in areas including finance, healthcare, energy, manufacturing, retail, and government to understand adversary behavior and tradecraft.

“Sandworm and Wizard Spider use a range of strategies and tactics that are typical of a broad range of adversaries that employ data encryption to achieve their goals,” said Frank Duff, ATT&CK Evaluations lead. “We’re increasingly receiving requests to address high-impact techniques like data encryption, which can devastate healthcare organizations, municipal governments, and a wide range of other critical infrastructure,” Duff said. “However, these emulated scenarios will still include the full range of tactics and techniques that these groups use as they penetrate and operate on networks prior to encrypting data.”
