
Woburn, MA – April 11, 2019 – Kaspersky Lab has enhanced its APT Intelligence Reports with contextual information related to advanced persistent threat (APT) actors and added mapping to the MITRE ATT&CK threat model for previously discovered attacks. These enhancements allow teams to connect incidents with a specific threat actor, therefore improving their understanding of attack motivations and helping to predict an attacker’s next steps.

Cybercriminals are constantly improving upon sophisticated hacking techniques to compromise organizations. According to Kaspersky Lab’s 2018 IT Security Risks Survey, enterprises identified targeted attacks as the most expensive type of cybersecurity incidents, with an average cost of $1.11 million per incident. Combating APTs requires not only cutting-edge security solutions, but also access to the most comprehensive and constantly updated threat intelligence. To help security operation teams stay ahead of the latest targeted attacks, Kaspersky Lab has updated its APT Intelligence reporting service to provide more contextual information on APT actors, their campaigns and their tactics, techniques and procedures.

APT reports from Kaspersky Lab now provide an overview of each APT group, including country of origin, aliases, list of previous targets and victims, as well as the typical tools and descriptions of past campaigns. The reports also include links to additional resources, specific Indicators of Compromise (IoC) and YARA rules, to help organizations detect these attacks.

Previously discovered APT campaigns are mapped to MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Experts break down the attacks into several phases in accordance with the PRE-ATT&CK and ATT&CK Enterprise matrices, showing which tactics and techniques were leveraged at every stage. This mapping complements Kaspersky Lab’s own descriptive methodology, which divides a targeted attack into infection vector, implants and infrastructure phases, to provide a high-level understanding of the threat context suitable for C-level executives.

“Fragmented data about advanced cyberattacks makes detecting them difficult for security operation teams,” said Sergey Martsynkyan, head of B2B product marketing, Kaspersky Lab. “To change this, we collect, analyze and provide the most comprehensive and relevant information on APT campaigns. With the help of the MITRE ATT&CK framework, we can now show additional angles and context for these operations. All this helps organizations detect and predict future threats in the most efficient way.”

To learn more about Kaspersky Lab’s APT Intelligence Reporting Service, please visit our website.

 

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact
Meghan Rimol
meghan.rimol@kaspersky.com
781.503.6271

Kaspersky Lab Enriches APT Intelligence Reports with Added Actors’ Profiles and MITRE ATT&CK Framework

Improvements help security operations teams better understand threat actors’ goals, techniques and capabilities