The MITRE ATT&CK framework is maintained by an organization that is always on the lookout for newer attack techniques. It is a security framework comprised of assessment tools, data matrices, and documentation that helps organizations bolster their security while revealing vulnerabilities in their defence ecosystem.
What is MITRE ATT&CK Framework?
MITRE (Massachusetts Institute of Technology Research And Engineering) is a security organization whose MITRE ATT&CK framework (short for Adversarial Tactics, Techniques & Common Knowledge) delivers a modern approach to observing and countering cyber threats. It is a global knowledge base (KB) for identifying adversary tactics and techniques. The framework uses real-world observations to document specific attack methods, strategies, and tactics.
The framework drives the mission to solve cybersecurity problems and make the technology world safer. It has been a centrepiece of cybersecurity threat monitoring across industries since 2013. The MITRE ATT&CK framework and its various matrices have evolved to handle threats related to emerging technology. Its matrices cover different tactics, such as:
Command & Control
The latest version of MITRE ATT&CK is version 11, which focuses on two of the most pressing threat vectors: mobile technology and industrial control systems. To learn more about using different security postures to keep your enterprise safe, get in touch with the experts at Packetlabs.
ATT&CK incorporates the ICS matrix
The MITRE ATT&CK framework has evolved to address industrial control systems' vulnerability management and security postures. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has cited the necessity of defending ICS for better industrial workflow and a secure ecosystem. In 2020, CISA published Securing Industrial Control Systems: A Unified Initiative, which laid the foundation for an initiative to address the various challenges of securing ICS against current and future threats.
In 2018, the Idaho National Laboratory issued a research paper on the History of Industrial Control System Cyber Incidents, which covered examples of security incidents in oil pipelines and water treatment facilities. ATT&CK v11 brings matrices that cover adversary behaviour across the attack lifecycle of different industrial control systems. The ICS matrix does not yet contain any sub-techniques, since it is new to the MITRE ATT&CK framework, but researchers might add them to this matrix in the future.
Sub-techniques by ATT&CK for mobile threats
ATT&CK for mobile and cellular security was launched in 2016 to help enterprises with security issues and to provide essential information related to cellular threats. As more and more mobile devices are added to the corporate ecosystem, ATT&CK addresses the real-world problems linked with mobile devices. With the advent of version 11 of the MITRE ATT&CK framework, mobile security postures have matured, covering smartphones and tablets that run Android or iOS.
MITRE noticed the new corporate culture of BYOD and the rising percentage of data breaches due to mobile device usage. Threat actors and cybercriminals started targeting these devices because they are less secure and interact more with enterprise data and apps. That is why MITRE came up with numerous use cases that enterprises can leverage to prioritize their defence.
The addition of mobile sub-techniques also brings in various attack lifecycle phases, such as threat execution, access techniques, and threat persistence, which help organizations gain deeper insight. Other trending mobile threat techniques, such as compromising apps, software dependencies, and vulnerable toolkits, are listed in detail within the newly incorporated sub-techniques, each with a unique ID.
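ATT&CK publishes its matrices, including the mobile and ICS domains discussed above, as STIX 2.1 bundles of attack-pattern objects whose external_id carries the technique ID (sub-techniques use the parent.NNN form). The following Python is an added example, not code from the original post or from MITRE: it parses such a bundle, groups live sub-techniques under their parent per domain, and reports which domains (like ICS) currently have none. The bundle and the technique IDs (T9001, T9800, ...) are constructed placeholders, not real ATT&CK entries; the live data lives in the mitre-attack/attack-stix-data GitHub repository.

```python
import json
import re
from collections import defaultdict

# Constructed, minimal STIX 2.1 bundle in the shape ATT&CK publishes.
# Technique IDs here are placeholders, not real ATT&CK numbers.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--example", "objects": [
    {"type": "attack-pattern", "name": "Parent technique (mobile)",
     "x_mitre_domains": ["mobile-attack"], "x_mitre_is_subtechnique": False,
     "external_references": [{"source_name": "mitre-mobile-attack", "external_id": "T9001"}]},
    {"type": "attack-pattern", "name": "Sub-technique A (mobile)",
     "x_mitre_domains": ["mobile-attack"], "x_mitre_is_subtechnique": True,
     "external_references": [{"source_name": "mitre-mobile-attack", "external_id": "T9001.001"}]},
    {"type": "attack-pattern", "name": "Sub-technique B (mobile, revoked)", "revoked": True,
     "x_mitre_domains": ["mobile-attack"], "x_mitre_is_subtechnique": True,
     "external_references": [{"source_name": "mitre-mobile-attack", "external_id": "T9001.002"}]},
    {"type": "attack-pattern", "name": "Technique (ICS)",
     "x_mitre_domains": ["ics-attack"], "x_mitre_is_subtechnique": False,
     "external_references": [{"source_name": "mitre-ics-attack", "external_id": "T9800"}]},
    # Non-technique objects (relationships, tactics, ...) must be skipped.
    {"type": "relationship", "relationship_type": "subtechnique-of",
     "source_ref": "attack-pattern--a", "target_ref": "attack-pattern--b"},
]})

# Parent ID is Tnnnn; a sub-technique appends ".nnn".
ATTACK_ID = re.compile(r"^(T\d{4})(?:\.(\d{3}))?$")

def attack_id(obj):
    """Return the ATT&CK external_id of an attack-pattern object, or None."""
    for ref in obj.get("external_references", []):
        src = ref.get("source_name", "")
        if src.startswith("mitre-") and src.endswith("-attack"):
            return ref.get("external_id")
    return None

def subtechniques_by_domain(bundle_json):
    """Map domain -> parent technique ID -> sorted live sub-technique IDs."""
    tree = defaultdict(lambda: defaultdict(list))
    for obj in json.loads(bundle_json)["objects"]:
        # Revoked/deprecated entries stay in the bundle; exclude them from coverage counts.
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        match = ATTACK_ID.match(attack_id(obj) or "")
        if not match:
            continue
        parent, sub = match.groups()
        for domain in obj.get("x_mitre_domains", []):
            tree[domain].setdefault(parent, [])
            if sub:
                tree[domain][parent].append(match.group(0))
    return {d: {p: sorted(s) for p, s in t.items()} for d, t in tree.items()}

def domains_without_subtechniques(tree):
    """Domains whose parents have no live sub-techniques at all (ICS today)."""
    return sorted(d for d, t in tree.items() if not any(t.values()))
```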
Future objectives of the MITRE ATT&CK Framework
MITRE researchers are digging deeper into these two verticals to develop more sub-techniques and stay aligned with the threats each emerging technology produces. They have covered security measures for some newly adopted technologies like Kubernetes, cloud computing, and containers.
They are working on identifying and discovering new vulnerabilities and attack lifecycles, along with the tactics, techniques, and procedures (TTPs) that attackers are planning to implement in the future.