The TIDE: UNC5537, SCARLETEEL, new Threat Object Stubs, and now 303 defensive solution mappings (our biggest release yet!)

  • June 18, 2024

In the latest edition of The TIDE: Threat-Informed Defense Education, we’re announcing new threat intelligence highlights, a new direction for our Community Edition users, and the biggest release of defensive solution mappings we’ve had yet. It’s an exciting time at Tidal.

First up, I’m excited to share Threat Object Stubs. In the past, if a user searched in Tidal Cyber Community Edition for an Enterprise Edition exclusive threat, they were left with the dreaded “no results.” Starting today, instead of an empty result they will see the threat object itself, its relationships to other objects, and its references.

This is a big step up for Community users, who now get additional useful information; to access the full object with all of its technique mappings, however, they will need Enterprise Edition. There are now more than 90 stubs in Community Edition to help users get started within the platform. Some examples of threat objects now available as stubs:

  • Qilin Ransomware: In-the-headlines emerging ransomware
  • Moonstone Sleet: New North Korean APT
  • Black Basta Operator Social Engineering Campaign: Unusual TTPs for a prominent ransom group
  • SCARLETEEL: Highly versatile and capable cloud-focused actor

As I wrote last week, we have both a Community Edition and an Enterprise Edition because everyone needs to be aware of the most recent adversary activity. However, some of our advanced features are just that—advanced—and belong in our Enterprise Edition. Our hope is that these threat object stubs help our community users answer their own questions about how far they can go with the free platform, and where they might need to go next.

More from this week’s The TIDE:

Threat Highlights

  • UNC5537 (new Group): Made headlines this week after reportedly compromising a large number of cloud database instances tied to hundreds of organizations globally. Initial access was likely achieved via compromised credentials, and the actors monetized that access by selling exfiltrated data and extorting victims. This is an Enterprise platform exclusive.
  • Tidal Trending Techniques (monthly update): Financial Theft (T1657) saw a large increase from its usual baseline, driven by ransomware and infostealer activity but also by a rise in reports on banking trojans. Registry Run Keys (T1547.001) were used by a wide range of threats for persistence in compromised environments.

Defensive Highlights

  • New Vendors and Products: Our enterprise users just received their biggest defensive solution mapping drop to date, totaling 303 products across 146 vendors and spanning nine security segments, including Email Security, Data Loss Prevention, Next Generation Firewalls, Identity Access Management, and User Behavior Analytics. This builds on an already extensive and diverse library of product-to-MITRE ATT&CK® mappings and lets users get started with an assessment in Tidal Cyber Enterprise Edition in just a few minutes.
  • Updated Vendors and Products: Community Edition and Enterprise Edition users both benefit from the Elastic Security update to v8.14. This update ensures that Elastic customers and the community have the latest information on the ever-evolving list of ATT&CK mappings from Elastic. We appreciate their continued support in keeping the community aware of their ATT&CK coverage at a granular, per-rule level.

The team is constantly updating both the Community and Enterprise editions, and I’m proud of all we can do to help the community and our customers. If you are interested in the Enterprise Edition platform exclusives, email us and my team will get back to you right away.
