The MITRE ATT&CK Framework: What You Need to Know

6 years ago Travis Smith

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year.

I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyone who will listen.

What is the MITRE ATT&CK Framework?

For those who are not familiar, ATT&CK is the Adversarial Tactics, Techniques, and Common Knowledge framework available from MITRE. It is a curated knowledge base of 11 tactics and hundreds of techniques that attackers can leverage when compromising enterprises.

There are five things I love about the various techniques.

Description

First is the description that each provides. Even though I have been in the security industry for what seems like a long time now, there’s always something new to learn. For all of the techniques with which I was not familiar, there were descriptions breaking down how the technique is leveraged and why it may be important for defenders to take a look.

Platform and Data Sources

From a practitioner standpoint, the platform and data sources sections are incredibly valuable because they tell me what systems I need to be monitoring and what I need to be collecting from them to mitigate and/or detect abuse of the technique. In some cases, there is detailed guidance on how to specifically mitigate or what to specifically monitor for the technique. However, many of the techniques lack prescriptive guidance.

Examples and Guidance

That’s where the examples come in handy. Every technique is based on real-world examples of how it has been leveraged by a piece of malware or by a campaign from a threat actor group. Each example, and many of the other sources, is cited Wikipedia style to published articles from various blogs and security research teams.

If there isn’t guidance directly in ATT&CK, then it’s usually found within one of these linked articles. However, the value of the examples comes from having assurance that anything you are doing to leverage ATT&CK in your organization is linked to a direct risk to your business.

Mitigation and Detection

The final two valuable items of ATT&CK are the Mitigation and Detection sections within each technique. While hardening benchmarks and compliance frameworks are excellent at providing some mitigating factors, none provide the level of guidance around detection strategies that ATT&CK does. Many of the techniques explicitly state what should be monitored in your environment. The knowledge provided here can increase the maturity of a security organization overnight.

Understanding the Tactics

The tactics from ATT&CK aren’t followed in any linear order, as is the case with the Lockheed Martin Cyber Kill Chain. Instead, an attacker can bounce between tactics to ultimately achieve their goal.

There’s not one tactic that is more important to leverage than the others; your organization is going to have to analyze what your current coverage is, assess the risks faced by the organization, and address the gaps in a fashion which makes sense for you.

When going through this process, there are two ways I typically see organizations take this on. The first is to take an inventory of their security tools and request a coverage mapping from the vendors themselves. While this is the easiest and quickest method, the coverage provided may not match how you’ve deployed their tools.

Instead, I see organizations assess coverage on a tactic-by-tactic basis. Start with a single tactic, such as Persistence, and address your coverage. It’s useful here to address the coverage for mitigation and detection separately. These techniques can be incredibly complex, and just because one portion of the technique may be mitigated doesn’t mean that an attacker can’t abuse it in a different way.
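A small worked version of that tactic-by-tactic assessment, added here as an example and not part of the original post: a technique only counts as covered when every way of abusing it is handled, and mitigation and detection are scored separately. The technique and sub-technique identifiers are taken from the current ATT&CK knowledge base (sub-technique IDs postdate this post), while the coverage values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Technique:
    tid: str
    name: str
    tactics: tuple        # one technique can sit under several tactics
    subtechniques: tuple  # distinct ways an attacker can abuse it


# Technique IDs, names and tactic membership are taken from ATT&CK;
# the coverage values further down are constructed for this example only.
TECHNIQUES = (
    Technique("T1053", "Scheduled Task/Job",
              ("Execution", "Persistence", "Privilege Escalation"),
              ("T1053.003", "T1053.005")),     # Cron, Windows Scheduled Task
    Technique("T1547", "Boot or Logon Autostart Execution",
              ("Persistence", "Privilege Escalation"), ("T1547.001",)),
    Technique("T1136", "Create Account", ("Persistence",),
              ("T1136.001", "T1136.002")),     # Local Account, Domain Account
)

# Constructed assessment: per sub-technique, do we mitigate it and detect it?
COVERAGE = {
    "T1053.003": {"mitigate": True,  "detect": True},
    "T1053.005": {"mitigate": True,  "detect": False},
    "T1547.001": {"mitigate": False, "detect": True},
    "T1136.001": {"mitigate": True,  "detect": True},
    "T1136.002": {"mitigate": False, "detect": False},
}


def covered(tech, control, coverage=COVERAGE):
    """Covered only if every sub-technique is: closing one path leaves the others open."""
    return all(coverage.get(s, {}).get(control, False) for s in tech.subtechniques)


def partially_covered(tech, control, coverage=COVERAGE):
    """Some but not all paths handled: the false sense of coverage the post warns about."""
    flags = [coverage.get(s, {}).get(control, False) for s in tech.subtechniques]
    return any(flags) and not all(flags)


def assess_tactic(tactic, techniques=TECHNIQUES, coverage=COVERAGE):
    """Score mitigation and detection separately for one tactic.
    Returns {control: (covered_count, total_in_tactic, list_of_gap_ids)}."""
    in_scope = [t for t in techniques if tactic in t.tactics]
    report = {}
    for control in ("mitigate", "detect"):
        gaps = [t.tid for t in in_scope if not covered(t, control, coverage)]
        report[control] = (len(in_scope) - len(gaps), len(in_scope), gaps)
    return report
```

Running `assess_tactic("Persistence")` on the constructed data reports one of three techniques covered for both mitigation and detection, but with different gap lists for each, which is exactly why the two are worth tracking apart.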

Planning

If you don’t have a dedicated red team to sit down and exploit various techniques in person with you, take a look at the adversarial emulation plans from MITRE. These provide step-by-step guidance on how to exploit various techniques based on APT groups seen in the wild.

Over the next few weeks, I am going to dig into each of the eleven tactics in the ATT&CK framework. These are just my high-level thoughts on the spirit of each tactic and tips on how to go about addressing the mitigation and detection aspects of some of the techniques within them. If you are also interested, I ran through a similar exercise with the CIS Critical Security Controls.

There is also a mapping of CIS controls to the ATT&CK framework available. This can be helpful if you’re already adopting the CIS Controls and are starting down the path of adopting ATT&CK.

Read more about the MITRE ATT&CK Framework here:

  • The MITRE ATT&CK Framework: Initial Access
  • The MITRE ATT&CK Framework: Execution
  • The MITRE ATT&CK Framework: Persistence
  • The MITRE ATT&CK Framework: Privilege Escalation
  • The MITRE ATT&CK Framework: Defense Evasion
  • The MITRE ATT&CK Framework: Credential Access
  • The MITRE ATT&CK Framework: Discovery
  • The MITRE ATT&CK Framework: Lateral Movement
  • The MITRE ATT&CK Framework: Collection
  • The MITRE ATT&CK Framework: Exfiltration
  • The MITRE ATT&CK Framework: Command and Control

The post “The MITRE ATT&CK Framework: What You Need to Know” appeared first on TripWire.

Source: TripWire – Travis Smith
