MITRE, together with its partners in the cyber security field, has launched a new project that will offer free simulations of the largest hacking teams currently in the threat landscape, to help train security teams to protect their networks from potential hacker attacks. The project is the work of MITRE Engenuity's Center for Threat-Informed Defense and is named the Adversary Emulation Library. It aims to provide attack simulation programs as free downloads. Simulation programs are collections of step-by-step guides, scenarios, and commands that describe and perform malicious operations commonly seen in the operations of a particular "adversary."
The goal of a simulation program is to test a network's defenses and see whether automated security systems or human operators detect attacks before, during and after they occur.
The first MITRE Adversary Emulation simulation program concerns the hacking team known as "FIN6", which is one of the largest cybercrime groups in the world today. FIN6 has been in the threat landscape since 2015 and is mainly known for targeting companies operating high-traffic POS payment terminals, compromising their internal networks to install POS malware that steals credit card information. The FIN6 program is the first of many that MITRE intends to make available for free in the coming months.
The programs are developed by MITRE and many cybersecurity partners who are part of MITRE Engenuity, a non-profit organization currently made up of 23 organizations from around the world with highly developed security teams.
Microsoft, Fujitsu and AttackIQ are members of MITRE Engenuity and collaborated with the organization on the FIN6 program. Prior to the creation of MITRE Engenuity, MITRE released two other simulation programs: one in 2017 for the Chinese state hacking team "APT3" and one earlier this year for the Russian state hacking group "APT29".
The positive feedback from these two releases inspired MITRE's leadership to work with industry partners on codifying a structure for simulation programs, according to a blog post this week by Jon Baker, CEO of MITRE Corporation.
One little-known detail about the FIN6 team is that it sometimes tries to deploy ransomware in the networks it breaches, along with Magecart-type skimmers. These small details are included in the MITRE FIN6 simulation program.
Until MITRE Engenuity releases more programs, security teams can take a look at the simulation programs released in the summer by Scythe, a rival of MITRE Engenuity.