In 2025, an international fintech firm will come under attack through its hybrid cloud infrastructure by highly skilled cyber operators on the Internet. The attackers will target the company’s Active Directory instance, employees’ LinkedIn profiles, and shared code repositories to advance their compromise. That is the scenario of the latest MITRE ATT&CK Evaluations test.
The MITRE ATT&CK Evaluations serve as a rigorous annual assessment that challenges cybersecurity firms to defend against tactics employed by the most current cyber threats. Conducted by government contractor MITRE, these evaluations provide vendors with the opportunity to test their detection, protection, and response capabilities in realistic scenarios. For cybersecurity professionals, the results offer insights into their readiness to counter sophisticated attacks.
Lex Crumpton, principal cybersecurity engineer at MITRE, emphasizes that the focus of the ATT&CK Evaluations is not merely on grading security software but on enhancing companies’ defenses and improving vendors’ products. The assessments emulate adversary behavior in a collaborative effort to evaluate vendors’ tools within a specified environment whose details are unknown to the participants, ensuring a comprehensive evaluation of their capabilities.
While the MITRE ATT&CK Framework is widely recognized as a comprehensive guide to cyberattack tactics and techniques, the annual evaluations also involve testing security products against current threats facing organizations. In the previous year, simulations included attacks by ransomware groups like LockBit and Cl0p, as well as threats from North Korean state-sponsored actors using ransomware for financial gain.
Looking ahead to 2025, the Managed Services Evaluation will concentrate on cloud-based attacks, response strategies, and post-incident analysis. This evaluation aims to provide companies with valuable insights into enhancing their cyber defenses in light of evolving threats in the digital landscape.
Participants like Greg Young, vice president of cybersecurity at Trend Micro, stress the dual benefits of using ATT&CK Evaluations for both purchasing decisions and internal security operations. By examining the techniques employed by adversaries in the evaluations, organizations can adapt their defense strategies and improve their cybersecurity posture.
The ATT&CK Evaluations draw on global cybersecurity intelligence and threat reports to identify current threats and develop realistic adversaries for testing. The red development team creates tools to emulate these adversaries’ tactics, while the blue team validates the effectiveness of detection techniques during the evaluations.
MITRE conducts two rounds of testing: a managed-services round, in which vendors are kept in the dark about the specifics of the threat, and an enterprise round, in which vendors receive detailed information about the adversaries being emulated. This testing process is intended to give a robust evaluation of vendors’ ability to detect and respond to evolving cyber threats.
While some concerns have been raised about the realism of the evaluation scenarios, the focus remains on improving vendors’ products and enhancing companies’ defenses. By identifying gaps in detection and response capabilities, the evaluations aim to drive innovation and improvement in the cybersecurity landscape.
In conclusion, the MITRE ATT&CK Evaluations play a crucial role in strengthening cybersecurity defenses and preparing organizations to combat emerging cyber threats. By leveraging the insights gained from these assessments, companies can enhance their security practices and stay ahead of evolving threat actors in an increasingly digitized world.
