MITRE's ATT&CK Framework

Overview

• Adversary Challenges
  • Adversaries typically remain undetected on networks for months after a breach.
  • Understanding adversarial penetration, movement, and objectives is crucial for defense.

ATT&CK Framework by MITRE

• Describes how adversaries infiltrate networks, move laterally, escalate privileges, and evade defenses.
• Provides perspective from the adversary's point of view, outlining their goals and methods.

Tactics and Techniques

• Tactics: Specific technical objectives that attackers aim to achieve.
  • Examples include:
    • Defense Evasion
    • Lateral Movement
    • Exfiltration
• Techniques: Various methods an adversary might use to achieve each tactic.
  • Techniques vary based on adversary expertise, tool availability, and system configuration.
  • Each technique includes:
    • Description of the method.
    • Applicable systems or platforms.
    • Known adversary groups using the technique.
    • Mitigation strategies.
    • References to real-world usage.

Benefits of ATT&CK

• Understanding Adversary Operations
  • Helps in planning detection and prevention strategies.
  • Provides insights into adversary preparation and execution stages.
• Detection Enhancement
  • Framework aids in developing analytics for detecting adversary techniques.

Adversary Group Information

• ATT&CK maintains a library of adversary groups and their campaigns.
• Based on real-world data, allowing correlation of adversaries with techniques.

Technology Domains

• ATT&CK is segmented into domains covering:
  • Enterprise networks (Windows, Linux)
  • Mobile devices

Community and Collaboration

• MITRE fosters a community around ATT&CK for knowledge refinement and sharing.
• A conflict-free environment is maintained for creating and managing information.

Conclusion

• ATT&CK helps organizations understand adversaries, evaluate defenses, and improve security.
• MITRE provides resources and solutions in cyber threat intelligence for a safer world.