MITRE asks vendors to do more to detect stealthy hacks

As hackers continue to use native programming tools to blend into target networks, Mitre Corp. is beginning to test vendors’ ability to detect those techniques. The federally-funded, not-for-profit organization announced Wednesday it would throw the stealthy tactics of an infamous hacking group, the Russian-government-linked APT29, at several threat-detection products. But the evaluation is about more than one set of adversaries. The “living off the land” techniques, such as hiding in PowerShell scripts, that will be tested are increasingly popular with a variety of hacking groups. “A lot of these techniques are going to be implemented in similar ways from different adversaries,” said Frank Duff, Mitre’s lead for evaluations that use the organization’s ATT&CK framework. “PowerShell monitoring is that next thing that everyone recognizes is absolutely necessary,” he added. Mitre’s last round of testing focused on advanced persistent threats, mimicking the tactics of APT3, a China-based group known for using internet-browser exploits. But … Continue reading MITRE asks vendors to do more to detect stealthy hacks