BlackBerry Blog

BlackBerry Eliminates Carbanak and FIN7 in MITRE Engenuity ATT&CK Evaluations

BlackBerry recently participated in the third annual MITRE Engenuity cybersecurity evaluations. The MITRE ATT&CK® framework tracks adversarial tactics and techniques, making it an excellent resource for emulating real-world cyberattacks against security products.

During the process, BlackBerry® solutions were tested against the attack methods of Carbanak and FIN7 – two threat groups that are infamous for targeting a wide range of industries, including those involved with banking, retail, restaurants, and hospitality.

This year marks the first time the MITRE evaluations included prevention testing, a welcome development that allowed BlackBerry to demonstrate its prevention-first approach to security. In another notable change, human analysts and MSSPs were removed from participating in the detection portion of the tests. Limiting threat detections to the default capabilities of a security product shows how well a solution performs “out of the box.”

The 2020 MITRE tests involved launching emulated Carbanak and FIN7 attack chains against participants. An attack chain is a sequence of malicious activities in which each phase relies on the successful execution of the previous steps. This is important to note when reviewing the MITRE test results and how early BlackBerry stopped each threat. Once a solution prevents one stage of the attack chain, further steps are largely moot since the threat cannot continue its execution.

BlackBerry showed strong results in the detection phase of the evaluation. BlackBerry® Optics gathered considerable attack telemetry data throughout the tests, a critical resource for SOC analysts. BlackBerry Optics uses several techniques to identify and correlate threat data throughout an environment. In this way, it can often identify dangers by adding context to disparate actions which appear safe when taken on their own merits.

The prevention phase of the MITRE tests allowed BlackBerry® Protect and BlackBerry Optics to demonstrate a wide range of advanced capabilities. The evaluations displayed the effectiveness of BlackBerry’s AI pre-execution malware prevention, script control features against fileless attacks, and automated payload deletion and process termination. BlackBerry Protect demonstrated the benefits of using fifth generation, predictive AI to differentiate safe files from malicious ones. BlackBerry solutions exercised effective threat prevention capabilities at the earliest possible phases of all tests, resulting in zero compromised hosts.

For more information on how BlackBerry can help your organization prepare for, prevent, detect, and respond to cyber threats, visit us at

The new MITRE Engenuity ATT&CK evaluations will be available soon. Learn more about BlackBerry’s performance in the previous evaluation

Brian Robison

About Brian Robison

Brian Robison is Chief Evangelist at BlackBerry. With over 20 years of cybersecurity experience, he focuses on educating and inspiring the world. Robison hosts live Hacking Exposed events and is a regular speaker at industry events including RSA, Black Hat, and thought leadership forums like ISC2 Think Tank.