The MITRE ATT&CK Framework: Know Your Enemy
Techsense team | 8:12 am, 4th December
Protection against cyberattacks is a priority for modern business. Detecting potential threats requires a thorough understanding of common attacker techniques and tactics. It is also important for organizations to know how to mitigate these risks. Unfortunately, cybercriminals are innovative and come up with new tactics all the time. It has become impossible for a single organization to monitor every single one of these techniques. It is even more difficult to translate these findings meaningfully for people outside the organization. To address these issues, MITRE created the ATT&CK Framework in 2013.
What is the MITRE ATT&CK framework?
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base of adversary behavior, the phases of an attack, and the platforms adversaries commonly target. It also offers a matrix of tactics and techniques that security specialists use to classify attacks and evaluate an organization's risk profile.
The framework is designed to answer pertinent questions about a cyberattack: how did the attacker carry it out, how did they gain access, and how did they move around? Answers to such questions help organizations take measures to prevent similar attacks in the future. The MITRE ATT&CK framework provides real-world examples of observed adversary behavior, information about the methods and techniques used in environment-specific attacks, and a standardized vocabulary for describing different adversary methodologies.
Who can use it?
All organizations can use the MITRE ATT&CK framework, whether they are public, private, or non-profit. The Enterprise matrix covers Windows, PRE, Linux, macOS, and Cloud platforms, and the framework also covers Android and iOS mobile devices.
What does the MITRE ATT&CK matrix contain?
The MITRE ATT&CK matrix is a collection of techniques that adversaries use to accomplish an objective, each grouped under the objective (tactic) it serves. The Enterprise matrix is divided into 14 tactics:
1. Reconnaissance: Collecting information about the target organization
2. Resource Development: Establishing resources to support an attack
3. Initial Access: Techniques used to get inside the target network
4. Execution: Running malicious code on the target network
5. Persistence: Maintaining a foothold while evading defensive efforts
6. Privilege Escalation: Obtaining higher-level permissions
7. Defense Evasion: Avoiding detection, for example by disabling security controls
8. Credential Access: Stealing account credentials
9. Discovery: Figuring out the network environment
10. Lateral Movement: Using legitimate credentials to move between systems
11. Collection: Gathering data of interest ahead of theft
12. Command and Control: Controlling compromised systems with varying levels of stealth
13. Exfiltration: Stealing data from the compromised network
14. Impact: Manipulating, destroying, or interrupting the compromised systems
Who can benefit from the MITRE ATT&CK Framework?
All organizations can benefit from the MITRE ATT&CK framework. They can use it to track attacks, decipher patterns, and evaluate the effectiveness of the defenses already in place.
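One concrete way to use the matrix structure described above for that last purpose, evaluating existing defenses, is to map detection rules onto the 14 tactics and list the tactics no rule covers. The Python below is an added example, not code from the original article or from MITRE; the technique-to-tactic table is a small hand-written excerpt of the Enterprise matrix (real ATT&CK IDs, only a handful), and the detection rules are constructed for the demonstration.

```python
# Added example (not from the article or MITRE): map detection rules onto the
# 14 Enterprise tactics to find coverage gaps. Rules below are constructed.

# The 14 Enterprise tactics, keyed by ATT&CK tactic ID.
TACTICS = {
    "TA0043": "Reconnaissance", "TA0042": "Resource Development",
    "TA0001": "Initial Access", "TA0002": "Execution",
    "TA0003": "Persistence", "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion", "TA0006": "Credential Access",
    "TA0007": "Discovery", "TA0008": "Lateral Movement",
    "TA0009": "Collection", "TA0011": "Command and Control",
    "TA0010": "Exfiltration", "TA0040": "Impact",
}

# Hand-written excerpt of the matrix. A technique can sit under several
# tactics (e.g. Valid Accounts), so coverage is credited to each of them.
TECHNIQUE_TACTICS = {
    "T1566": ["TA0001"],                                # Phishing
    "T1059": ["TA0002"],                                # Command and Scripting Interpreter
    "T1053": ["TA0002", "TA0003", "TA0004"],            # Scheduled Task/Job
    "T1078": ["TA0001", "TA0003", "TA0004", "TA0005"],  # Valid Accounts
    "T1003": ["TA0006"],                                # OS Credential Dumping
    "T1021": ["TA0008"],                                # Remote Services
    "T1041": ["TA0010"],                                # Exfiltration Over C2 Channel
    "T1486": ["TA0040"],                                # Data Encrypted for Impact
}

# Constructed detection rules, each tagged with the technique IDs it covers.
DETECTION_RULES = [
    {"name": "suspicious-powershell", "techniques": ["T1059"]},
    {"name": "lsass-memory-access", "techniques": ["T1003"]},
    {"name": "new-scheduled-task", "techniques": ["T1053"]},
    {"name": "rdp-from-workstation", "techniques": ["T1021"]},
]


def tactic_coverage(rules, technique_tactics=TECHNIQUE_TACTICS):
    """Return {tactic_id: set of technique IDs that at least one rule covers}."""
    covered = {tid: set() for tid in TACTICS}
    for rule in rules:
        for tech in rule["techniques"]:
            for tactic in technique_tactics.get(tech, ()):
                covered[tactic].add(tech)
    return covered


def uncovered_tactics(rules, technique_tactics=TECHNIQUE_TACTICS):
    """Names of tactics for which no rule covers any technique: the gaps."""
    cov = tactic_coverage(rules, technique_tactics)
    return sorted(TACTICS[tid] for tid, techs in cov.items() if not techs)
```

With the constructed rule set, nine of the fourteen tactics have no detection at all; adding a single rule for Valid Accounts (T1078) closes gaps in two of them because that one technique belongs to several tactics.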