From Noise to Clarity: The Value of MalOp™ Technology in Modern Cyber Defense

This article discusses the latest MITRE ATT&CK® Evaluations for 2024, focusing on advanced threats such as ransomware and macOS attacks. It highlights Cybereason’s MalOp™ technology, which offers a comprehensive view of attacker activities, enhancing security operations by reducing alert fatigue and improving incident response.

Affected: Windows, macOS

Key points:

  • The MITRE ATT&CK® Evaluations assess how well security vendors combat advanced threats.
  • Round 6 focuses on ransomware behaviors from LockBit and CL0P, and threats targeting macOS systems.
  • Cybereason’s MalOp™ technology stands out for its deep visibility and operational focus.
  • Ransomware remains a significant threat across various industries, with LockBit being the most prevalent variant.
  • Modern threats require a comprehensive defense strategy that correlates all malicious activities.
  • MalOp™ shifts from alert-centric to operation-centric security, providing a complete view of attacks.
  • The Cross-Machine Correlation Engine unifies data from various sources for better threat analysis.
  • Cybereason’s approach reduces alert noise and accelerates investigation processes.
  • Future developments include advanced behavioral indicators and automated response capabilities.

MITRE Techniques:

  • TA0001 – Initial Access: Techniques used include spearphishing and domain generation algorithms.
  • TA0002 – Execution: Malicious tools such as PowerShell scripts and credential dumping tools are utilized.
  • TA0003 – Persistence: Attackers leverage Living Off the Land techniques to maintain access.
  • TA0004 – Privilege Escalation: Techniques involve exploiting vulnerabilities to gain higher privileges.
  • TA0005 – Defense Evasion: Use of decoy malware to evade detection and maintain persistence.
  • TA0006 – Credential Access: Techniques include credential dumping to gather user credentials.
  • TA0007 – Discovery: Attackers perform reconnaissance to identify network structure and resources.
  • TA0008 – Lateral Movement: Techniques used to move across systems within the network.
  • TA0009 – Collection: Exfiltration of high-value data is a primary goal of the attacks.
  • TA0010 – Exfiltration: Techniques include data exfiltration through command-and-control channels.

Indicators of Compromise:

  • [file name] regsvr32.exe
  • [tool name] Metasploit
  • [tool name] Cobalt Strike
  • [tool name] AnyDesk
  • [tool name] TeamViewer
  • Check the article for all found IoCs.

Full Research: https://www.cybereason.com/blog/mitre-2024-demonstrates-value-of-malop-technology