MITRE ATT&CK

From Embedded Lab Vienna for IoT & Security
Revision as of 08:02, 3 January 2024 by ALanners (talk | contribs)

Introduction

Developed by MITRE, ATT&CK is a globally accessible knowledge base of adversary behaviour, also referred to as cyber threat intelligence. Cyber adversaries are notorious for their intelligence, adaptability, and persistence, learning from each attack, whether successful or unsuccessful. Their capabilities range from stealing personal information to disrupting critical infrastructure and damaging business operations. The MITRE ATT&CK knowledge base is freely available to everyone and documents the common tactics, techniques and procedures (TTPs) used by cyber adversaries. It can serve as a valuable resource for the development of specific threat models and methodologies. [1]

MITRE ATT&CK Groups

MITRE ATT&CK Software

MITRE ATT&CK Tactics

MITRE ATT&CK Techniques

MITRE ATT&CK Matrix for Enterprise

The MITRE ATT&CK matrix is part of the knowledge base and provides the techniques and procedures, attributed to specific threat actors, for each phase of an attack. The phases begin with reconnaissance and end with impact. Each phase (tactic) is assigned a set of techniques; every entry in the matrix can be clicked and leads to its documentation.
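To show how the matrix described above is assembled from ATT&CK's machine-readable data, here is an added Python example (it is not part of this wiki page and not MITRE's own tooling). It assumes the STIX 2.1 layout used by the ATT&CK data set (x-mitre-matrix, x-mitre-tactic and attack-pattern objects, kill_chain_phases, and external_references with source_name "mitre-attack"); the bundle below is a constructed sample, and the revoked entry with ID T0000 is a placeholder.

```python
import json

# Constructed sample in the layout of the ATT&CK STIX 2.1 data: one x-mitre-matrix
# ordering the tactics, x-mitre-tactic objects, attack-pattern (technique) objects.
def _ref(ext_id):
    return [{"source_name": "mitre-attack", "external_id": ext_id}]
def _tactic(sid, name, short, ext_id):
    return {"type": "x-mitre-tactic", "id": sid, "name": name,
            "x_mitre_shortname": short, "external_references": _ref(ext_id)}
def _technique(sid, name, tactic_short, ext_id, **flags):
    return {"type": "attack-pattern", "id": sid, "name": name, **flags,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": tactic_short}],
            "external_references": _ref(ext_id)}

SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "x-mitre-matrix", "id": "x-mitre-matrix--ent", "name": "Enterprise",
     "tactic_refs": ["x-mitre-tactic--a", "x-mitre-tactic--b", "x-mitre-tactic--c"]},
    _tactic("x-mitre-tactic--a", "Reconnaissance", "reconnaissance", "TA0043"),
    _tactic("x-mitre-tactic--b", "Resource Development", "resource-development", "TA0042"),
    _tactic("x-mitre-tactic--c", "Initial Access", "initial-access", "TA0001"),
    _technique("attack-pattern--1", "Active Scanning", "reconnaissance", "T1595"),
    _technique("attack-pattern--2", "Acquire Infrastructure", "resource-development", "T1583"),
    _technique("attack-pattern--3", "Phishing", "initial-access", "T1566"),
    # revoked/deprecated objects remain in the data set and must be filtered out (T0000 is a placeholder)
    _technique("attack-pattern--4", "Retired (constructed)", "initial-access", "T0000", revoked=True),
]})

def attack_id(obj):
    """ATT&CK ID (TAxxxx / Txxxx) from a STIX object's external references, else None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def build_matrix(bundle_json):
    """Tactic shortname -> {id, name, techniques: [(id, name)]}, in matrix column order."""
    objs = json.loads(bundle_json)["objects"]
    live = [o for o in objs if not o.get("revoked") and not o.get("x_mitre_deprecated")]
    matrix = next(o for o in live if o["type"] == "x-mitre-matrix")
    tactics = {o["id"]: o for o in live if o["type"] == "x-mitre-tactic"}
    columns = {}
    for ref in matrix["tactic_refs"]:  # the matrix object defines the column order
        t = tactics[ref]
        columns[t["x_mitre_shortname"]] = {"id": attack_id(t), "name": t["name"], "techniques": []}
    for o in (o for o in live if o["type"] == "attack-pattern"):  # one phase per tactic it belongs to
        for phase in o.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack" and phase["phase_name"] in columns:
                columns[phase["phase_name"]]["techniques"].append((attack_id(o), o["name"]))
    return columns
```

On the real data set, pass the contents of the enterprise ATT&CK STIX JSON file instead of the constructed sample; the revoked and deprecated filter matters there because retired techniques are kept in the file.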


Reconnaissance

Reconnaissance involves adversaries actively or passively collecting information to support their targeting efforts and to reach their goal, a successful attack. The gathered information may include details about the victim organization, its infrastructure, the software or hardware in use, or its personnel. Threat actors can utilize this information across different phases of the process described above (the MITRE ATT&CK Matrix), using it for tasks like planning and executing Initial Access, determining post-compromise objectives, or guiding subsequent Reconnaissance efforts. [2]

Resource Development

Resource development encompasses the methods by which adversaries generate, acquire, or steal resources to support their targeting activities. These resources may include infrastructure, accounts or capabilities. Threat actors can use these resources at different stages of their lifecycle, for example by using purchased or stolen domains for command and control infrastructure, using email accounts for phishing during initial access, or acquiring code signing certificates to facilitate defence evasion. [3]

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Command and Control

Exfiltration

Impact

References

  1. "MITRE ATT&CK" - available under: https://www.mitre.org/focus-areas/cybersecurity/mitre-attack
  2. "Reconnaissance" - available under: https://attack.mitre.org/tactics/TA0043/
  3. "Resource Development" - available under: https://attack.mitre.org/tactics/TA0042/