securityweek.com - The MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments.
The non-profit MITRE Corporation on Monday released Adversarial Actions in Digital Asset Payment Technologies (AADAPT), a cybersecurity framework designed to help the industry tackle weaknesses in cryptocurrency and other digital financial systems.
Modeled after the MITRE ATT&CK framework, AADAPT delivers a structured methodology that developers, financial organizations, and policymakers can use to find, investigate, and address risks in digital asset payments.
Insights that more than 150 sources from academia, government, and industry provided on real-world attacks on digital currencies and related technologies were used to create a playbook of adversarial TTPs linked to digital asset payment technologies.
The increased use of cryptocurrency has led to the emergence of sophisticated threats, such as phishing schemes, ransomware campaigns, and double-spending attacks, often with severe impact on organizations that lack cybersecurity resources, such as local governments and municipalities.
AADAPT is meant to help them enhance their stance through practical guidance and tools that specifically cover this financial market segment.
According to MITRE, AADAPT was founded on an in-depth review of underlying technologies such as smart contracts, distributed ledger technology (DLT) systems, consensus algorithms, and quantum computing, along with vulnerabilities and credible attack methods.
The tool supports critical use cases to help develop analytics for emulating threats, create detection techniques, compare insights, and assess security capabilities to prioritize decisions, essentially assisting stakeholders in adopting best practices.
“Digital payment assets like cryptocurrency are set to transform the future of global finance, but their security challenges cannot be ignored. With AADAPT, MITRE is empowering stakeholders to adopt robust security measures that not only safeguard their assets but also build trust across the ecosystem,” MITRE VP Wen Masters said.
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract…
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry.
MITRE’s AI Incident Sharing initiative helps organizations receive and hand out data on real-world AI incidents.
Non-profit technology and R&D company MITRE has introduced a new mechanism that enables organizations to share intelligence on real-world AI-related incidents.
Shaped in collaboration with over 15 companies, the new AI Incident Sharing initiative aims to increase community knowledge of threats and defenses involving AI-enabled systems.
MITRE has just minted its 400th CNA, as the NVD struggles to tame its backlog of CVEs awaiting analysis, which has increased by 30% since June.
Foreign nation-state cyber adversaries are tenacious. Their attacks are evolving to get around the industry’s most sophisticated defenses. Last year was exploitation of routers, and this year’s theme has been compromise of edge protection devices.
MITRE, a company that strives to maintain the highest cybersecurity possible, is not immune.
Despite our commitment to safeguarding our digital assets, we’ve experienced a breach that underscores the nature of modern threats. In this blog post, we provide an initial account of the incident, outlining the tactics, techniques, and procedures (TTPs) employed by the adversaries, as well as some of our ongoing incident response efforts and recommendations for future steps to fortify your defenses.
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
