What Is MITRE ATT&CK?
MITRE Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK®) is a knowledge base of adversary behaviour that MITRE began building in 2013. It documents the tactics and techniques attackers use, drawn from real-world observations of intrusions rather than from theory.
ATT&CK was influenced by Lockheed Martin's Cyber Kill Chain (2011), but instead of describing an attack as one linear sequence of stages it catalogues the individual behaviours adversaries use once inside a network and records which threat groups and software have been observed using each one. It grew out of MITRE's work emulating both adversary and defender behaviour in an instrumented environment in order to improve post-compromise detection, and that focus on behaviour rather than on perishable indicators (hashes, IP addresses, domains) is what sets it apart.
Before MITRE ATT&CK
The Cyber Kill Chain is one of the best-known cyber threat intelligence frameworks.
It breaks an intrusion into seven stages (reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives), so that defenders can pinpoint how far an attack has progressed and deploy countermeasures appropriate to that stage.
The Diamond Model, developed at the Center for Cyber Intelligence Analysis and Threat Research (CCIATR), emerged as an alternative way of analysing intrusions. Rather than a sequence of stages, it describes every malicious event in terms of four core features: the adversary, the victim, the adversary's capabilities, and the infrastructure used to deliver them.
MITRE ATT&CK built on these ideas and has evolved continually with the threat landscape, becoming the industry's common vocabulary for describing attacker behaviour, tracking adversary groups and their methods, and mapping mitigations and detections to them.
How Does MITRE ATT&CK Work?
ATT&CK is organised into matrices, each a grid of tactics (the columns) and the techniques that achieve them. It originally comprised three: Enterprise, Mobile, and PRE-ATT&CK. The Enterprise matrix covers tactics and techniques against Windows, macOS and Linux systems (it has since grown to include cloud, network and container platforms); the Mobile matrix covers Android and iOS; and PRE-ATT&CK described what an adversary does before engaging a target, such as reconnaissance and building attack infrastructure. PRE-ATT&CK has since been retired and its content folded into the Enterprise matrix as the Reconnaissance and Resource Development tactics, and a separate ICS matrix now covers industrial control systems.
What Are MITRE ATT&CK’s Tactics?
Tactics are the adversary's tactical objectives, the "why" behind a technique: what the attacker is trying to achieve at that point in the intrusion. The set of tactics has grown with the framework; the current Enterprise matrix has fourteen:
- Reconnaissance.
- Resource Development.
- Initial Access.
- Execution.
- Persistence.
- Privilege Escalation.
- Defense Evasion.
- Credential Access.
- Discovery.
- Lateral Movement.
- Collection.
- Command & Control.
- Exfiltration.
- Impact.
Techniques describe how an adversary achieves a tactical objective (for example, Command and Scripting Interpreter, T1059, under Execution), and sub-techniques give a more specific description of that behaviour (PowerShell, T1059.001). A single technique can sit under several tactics: Valid Accounts (T1078) serves initial access, persistence, privilege escalation and defense evasion alike. Each technique entry also lists procedures, the concrete ways named threat groups and software have been observed using it, together with detection guidance and mitigations.
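The most common practical use of this matrix/tactic/technique/sub-technique structure is mapping an organisation's detections onto it to find coverage gaps. The following Python is an added example, not code from the original article or from MITRE: it hard-codes a small constructed excerpt of the Enterprise matrix (the IDs and names are the published ones, but the real knowledge base is far larger and is distributed as STIX 2.1 JSON from github.com/mitre-attack/attack-stix-data), parses technique references in both the plain `T1059.001` form and the Sigma-style `attack.t1059.001` tag form, rolls sub-techniques up to their parent technique, credits a multi-tactic technique to every tactic it serves, and surfaces stale or unknown IDs instead of dropping them. The detection rules are constructed for the illustration.

```python
"""Map detection rules onto ATT&CK tactics and techniques to find coverage gaps.

Added example. TACTICS/TECHNIQUES are a hand-built excerpt of the Enterprise
matrix, not the official dataset; RULES are constructed detection rules.
"""
import re
from collections import defaultdict

# Constructed excerpt: tactic ID -> tactic name (IDs as published by MITRE).
TACTICS = {
    "TA0001": "Initial Access",
    "TA0002": "Execution",
    "TA0003": "Persistence",
    "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion",
    "TA0006": "Credential Access",
    "TA0008": "Lateral Movement",
    "TA0011": "Command and Control",
}

# Constructed excerpt: technique ID -> (name, tactics it is listed under).
# One technique can serve several tactics, e.g. Valid Accounts below.
TECHNIQUES = {
    "T1059":     ("Command and Scripting Interpreter", ["TA0002"]),
    "T1059.001": ("PowerShell", ["TA0002"]),
    "T1078":     ("Valid Accounts", ["TA0001", "TA0003", "TA0004", "TA0005"]),
    "T1003":     ("OS Credential Dumping", ["TA0006"]),
    "T1003.001": ("LSASS Memory", ["TA0006"]),
    "T1021":     ("Remote Services", ["TA0008"]),
    "T1021.001": ("Remote Desktop Protocol", ["TA0008"]),
    "T1071":     ("Application Layer Protocol", ["TA0011"]),
}

# Technique IDs are 'T' plus four digits; sub-techniques append '.NNN'.
# An optional Sigma-style 'attack.' prefix is accepted and stripped.
_ID_RE = re.compile(r"^(?:attack\.)?(t\d{4})(\.\d{3})?$", re.IGNORECASE)


def parse_technique_id(raw):
    """Return (parent_id, full_id) for a technique or sub-technique reference.

    'attack.t1059.001' -> ('T1059', 'T1059.001'); 'T1078' -> ('T1078', 'T1078').
    Raises ValueError for anything that is not shaped like an ATT&CK technique ID.
    """
    match = _ID_RE.match(raw.strip())
    if not match:
        raise ValueError(f"not an ATT&CK technique ID: {raw!r}")
    parent = match.group(1).upper()
    full = parent + (match.group(2) or "")
    return parent, full


def coverage(rules, techniques=TECHNIQUES, tactics=TACTICS):
    """Roll rules up into {tactic name: set of covered parent technique IDs}.

    Sub-techniques are credited to their parent technique, and a technique is
    credited to every tactic it is listed under. IDs absent from the knowledge
    base (typos, or IDs revoked in a later ATT&CK version) are returned
    separately so they can be fixed rather than silently inflating coverage.
    """
    covered = defaultdict(set)
    unknown = set()
    for rule in rules:
        for ref in rule["techniques"]:
            parent, full = parse_technique_id(ref)
            # Fall back to the parent entry if only the sub-technique is missing.
            entry = techniques.get(full) or techniques.get(parent)
            if entry is None:
                unknown.add(full)
                continue
            for tactic_id in entry[1]:
                covered[tactics.get(tactic_id, tactic_id)].add(parent)
    return dict(covered), unknown


def uncovered_tactics(rules, tactics=TACTICS):
    """Tactics in the matrix that no rule maps to: the first gaps to close."""
    covered, _ = coverage(rules)
    return sorted(name for name in tactics.values() if name not in covered)


# Constructed detection rules. The last one carries T1086, the pre-2020 ID for
# PowerShell that was revoked when sub-techniques were introduced; it is not in
# the excerpt above, so it surfaces as unknown instead of counting as coverage.
RULES = [
    {"name": "Encoded PowerShell command line", "techniques": ["attack.t1059.001"]},
    {"name": "LSASS memory read by non-system process", "techniques": ["T1003.001"]},
    {"name": "RDP logon with valid account from new host", "techniques": ["T1021.001", "T1078"]},
    {"name": "PowerShell download cradle (stale tag)", "techniques": ["T1086"]},
]

if __name__ == "__main__":
    covered, unknown = coverage(RULES)
    for tactic in TACTICS.values():
        print(f"{tactic:20} {sorted(covered.get(tactic, []))}")
    print("unknown IDs:", sorted(unknown))
    print("uncovered tactics:", uncovered_tactics(RULES))
```

With the constructed rules, Command and Control is the only tactic with no detection at all, Valid Accounts alone lights up four tactics, and the stale T1086 tag is reported rather than counted. Against the real dataset you would load the STIX bundle and build the two dictionaries from its `x-mitre-tactic` and `attack-pattern` objects, but the roll-up logic is the same.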
Why MITRE ATT&CK?
A shared, behaviour-level vocabulary pays off across the whole security programme: in intrusion detection and threat hunting it lets you map analytics to techniques and see where coverage is missing; in security engineering it lets you prioritise controls against the techniques real adversaries actually use; in threat intelligence it lets you describe a group by its tactics, techniques and procedures rather than by indicators that change with every campaign; in adversary emulation and red teaming it provides documented behaviours to build realistic scenarios from; and in risk management it gives a consistent way to assess exposure against the matrix. ATT&CK does not secure anything on its own, but it gives each of those functions the same map of attacker behaviour to work from.