Saturday, October 12, 2024
HomeCyber Security NewsMITRE Releases EMB3D Cybersecurity Threat Model for Embedded Devices

MITRE Releases EMB3D Cybersecurity Threat Model for Embedded Devices

Published on

Malware protection

In collaboration with Red Balloon Security, Narf Industries, and Niyo Little Thunder Pearson, MITRE has unveiled EMB3D, a comprehensive threat model designed to address the growing cybersecurity risks faced by embedded devices in critical infrastructure sectors.

Embedded devices, widely employed across industries such as oil and gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems, often lack proper security controls and are insufficiently tested for vulnerabilities.

As sophisticated cyber adversaries increasingly target these devices, EMB3D aims to provide a common understanding of the threats posed and the necessary security mechanisms to mitigate them.

- Advertisement - SIEM as a Service

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

A Collaborative Framework

EMB3D aligns with and expands upon existing models like Common Weakness Enumeration (CWE), MITRE ATT&CK®, and Common Vulnerabilities and Exposures (CVE), but with a specific focus on embedded devices.

The framework offers a cultivated knowledge base of cyber threats to embedded devices, including those observed in field environments, demonstrated through proofs-of-concept, or derived from theoretical research.

Workflow Summary

These threats are mapped to device properties, enabling users to develop and tailor accurate threat models for specific embedded devices.

For each identified threat, EMB3D suggests technical mechanisms that device vendors should implement to protect against it, promoting a secure-by-design approach.

EMB3D is intended to be a living framework, continuously updated with new threats, mitigations, and security defenses as they emerge.

Scheduled for public release in early 2024, EMB3D will be an open community resource, allowing the security community to contribute additions and revisions.

“We encourage device vendors, asset owners, researchers, and academia to review the threat model and share feedback, ensuring our collective efforts remain at the forefront of safeguarding our interconnected world,” said Yosry Barsoum, vice president and director of MITRE’s Center for Securing the Homeland.

EMB3D aims to improve the cyber posture of critical infrastructure sectors by fostering collaboration and leveraging collective expertise, thus building a safer and more secure digital future for those reliant on operational technology.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...