When I worked with the Govt in the past, I worked with MITRE; impressive overall. I noted this recent introduction to their 'Threat actors' capability (which I did not use at the time). Of interest.
Introduction to MITRE ATT&CK - Featuring Version 12 (2022)
Josh Darby MacLellan, on Nov 22, 2022
Have you ever wondered how to create a prioritized list of threat actors? Or identify what malicious tactics and techniques are most relevant? Or what security controls should be improved first? The MITRE ATT&CK Framework can help. Version 12 has just been released and this blog will help you understand what the Framework is and what’s new.
What is MITRE?
MITRE is a US-based not-for-profit organization that supports the US federal government in advancing national security by providing a range of technical, cyber, and engineering services to the government. In 2013, MITRE launched a research project to track cyber threat actors’ behavior, developing a framework named Adversarial Tactics, Techniques, and Common Knowledge, or in short form: ATT&CK.
What is the MITRE ATT&CK Framework?
The MITRE ATT&CK Framework contains a taxonomy of threat actor behavior across the attack lifecycle, broken down into 14 tactics, each containing a set of more specific techniques and sub-techniques (covering the TT in TTPs). The Framework is split into three separate matrices: Enterprise (attacks against enterprise IT networks and cloud), Mobile (attacks targeting mobile devices), and ICS (attacks targeting industrial control systems).
The Framework contains a wealth of knowledge based on real-world observations. To give you an indication of scope, the October 2022 iteration of ATT&CK for Enterprise contains 193 techniques, 401 sub-techniques, 135 threat actor groups, 14 campaigns, and 718 pieces of software/malware.
Screenshot of the MITRE ATT&CK Framework for Enterprise with some but not all techniques.
Each technique can be explored to reveal sub-techniques, and there is an entire MITRE knowledge base that feeds the matrices. This database contains a colossal amount of information on threat actor groups, malware, campaigns, descriptions of techniques and sub-techniques, mitigations, detection strategies, references for external resources, an ID system for tracking, and more. ...
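A worked illustration of the hierarchy described above (tactics, techniques, sub-techniques and the ID system), added here and not part of the original post or of any MITRE tooling: a small Python model that ranks techniques and tactics by how many tracked threat groups use them, the kind of prioritization the post opens with. The tactic and technique IDs are real ATT&CK identifiers; the group names and their technique mappings are constructed sample data.

```python
# Added example (not from the post or from MITRE): a tiny in-memory model of the
# ATT&CK Enterprise hierarchy (tactic -> technique -> sub-technique) used to rank
# techniques by how many tracked threat groups use them. Tactic and technique IDs
# are real ATT&CK identifiers; the group-to-technique mapping is CONSTRUCTED.
from collections import Counter, defaultdict

TACTICS = {
    "TA0001": "Initial Access",
    "TA0002": "Execution",
    "TA0003": "Persistence",
    "TA0006": "Credential Access",
}
# technique ID -> (name, tactic IDs it appears under); one technique can sit in
# several tactic columns of the matrix (e.g. Valid Accounts).
TECHNIQUES = {
    "T1566": ("Phishing", ["TA0001"]),
    "T1078": ("Valid Accounts", ["TA0001", "TA0003"]),
    "T1059": ("Command and Scripting Interpreter", ["TA0002"]),
    "T1003": ("OS Credential Dumping", ["TA0006"]),
}
# Constructed group -> observed (sub-)technique mapping. Sub-technique IDs use
# the "T1059.001" form; the part before the dot is the parent technique.
GROUP_TECHNIQUES = {
    "GROUP-A": ["T1566.001", "T1059.001", "T1003.001"],
    "GROUP-B": ["T1566.002", "T1078", "T1059.001"],
    "GROUP-C": ["T1078.002", "T1059.003"],
}

def parent_technique(tid):
    """Roll a sub-technique ID (T1059.001) up to its parent technique (T1059)."""
    return tid.split(".")[0]

def technique_priority(groups):
    """Rank parent techniques by how many of the given groups use them.
    Returns (technique_id, name, group_count) tuples, highest count first."""
    counts = Counter()
    for g in groups:
        # a group using several sub-techniques of one technique counts it once
        counts.update({parent_technique(t) for t in GROUP_TECHNIQUES[g]})
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(tid, TECHNIQUES[tid][0], n) for tid, n in ranked]

def tactic_priority(groups):
    """Sum technique counts per tactic (a technique under two tactics feeds both)."""
    totals = defaultdict(int)
    for tid, _name, n in technique_priority(groups):
        for ta in TECHNIQUES[tid][1]:
            totals[ta] += n
    return sorted(((ta, TACTICS[ta], n) for ta, n in totals.items()),
                  key=lambda row: (-row[2], row[0]))
```

Feeding in the groups you actually track (for example from the ATT&CK STIX bundle rather than this constructed table) gives the same ranking over the real matrix, which is the input to deciding which detections or controls to improve first.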