TLP:GREEN - Attackers in Profile: menuPass and ALPHV/BlackCat
Summary:
MITRE Engenuity recently conducted an ATT&CK Evaluation focusing on managed security services, where Trend achieved a perfect 100% detection rate across all 15 critical steps. The evaluation simulated a sophisticated attack scenario involving menuPass (APT10) and ALPHV/BlackCat ransomware. Both threats are known for their advanced tactics, including exploiting trusted relationships and utilizing multi-platform capabilities (Windows and Linux). Trend's success in detection underscores the importance of robust threat intelligence and advanced cybersecurity tools in managed detection and response (MDR) services.
Analyst Comments:
This evaluation highlights the evolving landscape of cybersecurity threats faced by managed service providers (MSPs). menuPass, identified as APT10, is a state-sponsored cyber espionage group known for its extensive history of targeting public-facing applications and exfiltrating sensitive data. ALPHV/BlackCat, meanwhile, represents a newer breed of ransomware-as-a-service (RaaS) threats capable of cross-platform attacks, posing significant challenges to MSPs tasked with defending diverse IT environments.
MITRE Engenuity's selection of these threats for evaluation underscores their relevance and complexity in today's threat landscape. Their combination tested MSPs' capabilities in defense evasion, data encryption, and recovery obstruction—critical areas where MSPs must excel to protect their clients effectively.
Suggested Correction Strategies:
To mitigate risks associated with threats like menuPass and ALPHV/BlackCat, MSPs should prioritize the following strategies:
Advanced Threat Detection: Invest in MDR services that leverage advanced threat detection technologies capable of identifying sophisticated, multi-stage attacks across diverse platforms.
Comprehensive Threat Intelligence: Utilize up-to-date threat intelligence to understand evolving TTPs of threat actors like APT10 and RaaS groups. This knowledge helps in proactive defense and response planning.
Enhanced Security Posture: Implement robust security measures such as endpoint protection, network segmentation, and regular security audits to strengthen defenses against ransomware and APTs.
Incident Response Readiness: Develop and regularly update incident response plans that encompass scenarios involving ransomware and state-sponsored espionage groups. Conduct tabletop exercises to ensure readiness.
Continuous Monitoring and Adaptation: Given the dynamic nature of cyber threats, maintain continuous monitoring of IT environments and adapt security strategies based on emerging threat intelligence and industry best practices.
Link(s):
https://www.trendmicro.com/en_us/research/24/f/menupass-alphv-blackcat-threats.html