Mitsubishi Electric Develops World’s First Penetration-test Support Tool that Generates Attack Scenarios from Hacker Perspectives

December 6, 2023

Mitsubishi Electric Corporation announced today that it has developed the world's first penetration-test support tool, CATSploit, which automatically generates attack scenarios based on the test objectives of a penetration tester, such as the theft of confidential information, to evaluate the effectiveness of test attacks. Using the attack scenarios and resulting test results (scores), even inexperienced security engineers can easily perform penetration tests.

In recent years, control systems including infrastructure, factory equipment, etc., have become increasingly connected to networks, raising the risk of disruptions, such as power outages or public transportation shutdowns, due to cyberattacks. The need to implement security measures in such systems has become urgent. In addition, ISA/IEC 62443 standards require that fuzzing and penetration security tests be performed on systems and equipment to evaluate their resistance to cyberattacks, including vulnerabilities due to implementation or configuration errors. Penetration testing is highly sophisticated and requires the involvement of white-hat hackers to actually attack the system or product being tested, but such individuals, who must possess very high levels of expertise, are scarce and difficult to find.

Mitsubishi Electric, by focusing on the factors that white-hat hackers consider when selecting their attack vectors, has now developed a penetration-test support tool that generates lists of possible attack scenarios and their effectiveness (expressed as numerical scores).

Details of the tool will be presented on December 6 (11 am local time) during the Black Hat Europe 2023 Arsenal in London, which will take place on December 6 and 7.

leave a reply