Authored by: PlexTrac Author
Posted on: May 1, 2020

MITRE ATT&CK® Framework: Defined and Outlined

According to the MITRE website, “MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” Basically, this deep catalog of hackers’ tools of the trade is a fount of cybersecurity knowledge. The ATT&CK® framework can lay the foundation for offensive and defensive strategies in cybersecurity.

The ATT&CK® Gold Standard

Developed by MITRE, a non-profit think tank that manages federally funded research and development centers (FFRDCs), the open source ATT&CK® framework is becoming the gold standard for cybersecurity strategy. The acronym stands for Adversarial Tactics, Techniques & Common Knowledge. The framework has undergone several iterations but continues to seek to be as comprehensive a paradigm for understanding and cataloging cyber threats as possible. MITRE actively seeks contributions to the framework from practitioners to keep it current, and it just released a beta version with sub-techniques this year. Three matrices are available: Enterprise ATT&CK®, Pre-ATT&CK®, and Mobile ATT&CK®.

The 12 MITRE ATT&CK® Tactics

The ATT&CK® Framework consists of 12 tactics. These are often considered the “why” part of the equation. Each tactic represents an objective that the attacker wishes to achieve in their current step of compromise (e.g., achieving “Initial Access” to a network, server, etc.). These 12 tactics are defined and outlined below (for official definitions and additional information, visit MITRE’s website at https://attack.mitre.org):

Initial Access: Techniques that use various entry vectors to gain an initial foothold within a network.
Execution: Techniques that result in adversary-controlled code running on a local or remote system.
Persistence: Techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off access.
Privilege Escalation: Techniques adversaries use to gain higher-level permissions on a system or network.
Defense Evasion: Techniques that adversaries use to avoid detection throughout their compromise.
Credential Access: Techniques for stealing credentials like account names and passwords.
Discovery: Techniques an adversary may use to gain information about the system and internal network.
Lateral Movement: Techniques adversaries use to enter and control remote systems on a network.
Collection: Techniques adversaries may use to gather information, and the sources that information is collected from, that are relevant to following through on the adversary’s objectives.
Command and Control: Techniques adversaries use to communicate with systems under their control within a victim network.
Exfiltration: Techniques that adversaries may use to steal data from your network.
Impact: Techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes.

Why the ATT&CK® Framework is Valuable

The ATT&CK® matrices serve public and private enterprises as foundations of knowledge for modeling threats and methodologies. PlexTrac CEO Dan DeCloss says, “We love to reference the MITRE ATT&CK® framework because it breaks everything down based on the attack lifestyle, which, at the end of the day, is what we are really trying to do—identify issues that crop up in each of those different tactics.”

All that collected and aggregated information gives both red and blue teams extensive knowledge to plan assessments, and knowledge is power. But effectively using the power available in the ATT&CK® knowledge base takes work. PlexTrac helps manage and aggregate the data produced when following the ATT&CK® framework so teams can better collaborate. Using PlexTrac with MITRE ATT&CK® can take a cybersecurity team to the next level with a purple teaming paradigm.
References

https://attack.mitre.org
https://digitalguardian.com/blog/what-mitre-attck-framework