MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is freely available to any person or organization that wants to use it, including the military, intelligence, government, and academic communities.
MITRE, the non-profit that “works in the public interest across federal, state and local governments, as well as industry and academia,” created and maintains the ATT&CK framework.
Now you might be wondering, what is MITRE ATT&CK and what are some MITRE ATT&CK techniques? We’re answering these questions and more below.
The acronym ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.
In publishing the ATT&CK techniques, MITRE's stated goal is to make the world safer by bringing communities together to build more effective cybersecurity solutions.
ATT&CK is a free framework, and anyone or any organization can use it without a license.
The MITRE Corporation, a non-profit that supports several United States federal agencies, started building ATT&CK in 2013 and formally released it in May 2015. The framework has been revised many times since; new versions are currently published roughly twice a year.
The top questions that ATT&CK aims to answer are things like:
ATT&CK is a knowledge base of adversary behavior grounded in real-world observations. It is free, open, and globally accessible, uses a common vocabulary, and is built with a community-driven mindset.
MITRE relies on the community to report the threats they are seeing and the tactics, techniques, and procedures (TTPs) that are, or are not, working against cyber defenses. More than 90 organizations contribute knowledge to the framework regularly. This “boots on the ground” intelligence gives MITRE a clearer picture of what is happening in the field, which it then distills and shares.
The Enterprise ATT&CK framework is organized into 14 elements, which ATT&CK calls tactics: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact.
The first two, Reconnaissance and Resource Development, cover what adversaries do before they have any access, when they are working out how to “break in.” They were once published as a separate PRE-ATT&CK matrix and were folded into Enterprise ATT&CK in 2020. The remaining twelve describe how adversaries gain unauthorized access and what they do once they are inside.
ATT&CK catalogs and classifies adversary behavior across the full lifecycle of an intrusion, from the first reconnaissance through to the impact on the victim.
ATT&CK is split by technology domain: ATT&CK for Enterprise covers behavior against enterprise IT networks and cloud environments, ATT&CK for Mobile covers behavior against mobile devices, and ATT&CK for ICS covers industrial control systems.
Within this structure, tactics are the “why.” A tactic is the adversary's tactical goal, the reason an action is performed. For example, an adversary wants to obtain credentials in order to gain entry to a site or network; that goal is the Credential Access tactic.
A technique is the “how”: the means by which an adversary achieves a tactical goal by performing an action. To obtain credentials, for example, an attacker may guess them (Brute Force). Techniques can be further broken down into sub-techniques, such as Password Guessing under Brute Force.
Procedures are the specific implementations an adversary uses in practice. For example, an adversary might run a tool that reads the memory of lsass.exe on a victim's computer to scrape the credentials it holds.
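ATT&CK publishes this tactic, technique, sub-technique hierarchy as machine-readable STIX 2.1 JSON, and the script below walks that structure. It is an added example, not MITRE's code: the bundle is a hand-built miniature with made-up STIX UUIDs, although the object types and field names (x-mitre-tactic, attack-pattern, kill_chain_phases, x_mitre_is_subtechnique, subtechnique-of relationships) follow the real ATT&CK data so the same function works on the full enterprise-attack.json bundle.

```python
"""Walk a (constructed, miniature) ATT&CK STIX 2.1 bundle and build the
tactic -> technique -> sub-technique hierarchy.

Added example, not MITRE's code. The object shapes follow the public ATT&CK
STIX data; the four objects below are hand-built so the script runs offline,
and their STIX UUIDs are made up.
"""
import json
from collections import defaultdict

# Constructed bundle: one tactic, one technique, one sub-technique, and the
# relationship that links the sub-technique to its parent.
BUNDLE = json.loads(r'''
{
  "type": "bundle",
  "id": "bundle--00000000-0000-4000-8000-000000000001",
  "objects": [
    {"type": "x-mitre-tactic",
     "id": "x-mitre-tactic--00000000-0000-4000-8000-0000000000a1",
     "name": "Credential Access",
     "x_mitre_shortname": "credential-access",
     "external_references": [{"source_name": "mitre-attack", "external_id": "TA0006"}]},
    {"type": "attack-pattern",
     "id": "attack-pattern--00000000-0000-4000-8000-0000000000b1",
     "name": "Brute Force",
     "x_mitre_is_subtechnique": false,
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1110"}]},
    {"type": "attack-pattern",
     "id": "attack-pattern--00000000-0000-4000-8000-0000000000b2",
     "name": "Password Guessing",
     "x_mitre_is_subtechnique": true,
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1110.001"}]},
    {"type": "relationship",
     "id": "relationship--00000000-0000-4000-8000-0000000000c1",
     "relationship_type": "subtechnique-of",
     "source_ref": "attack-pattern--00000000-0000-4000-8000-0000000000b2",
     "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000b1"}
  ]
}
''')


def attack_id(obj):
    """Return the ATT&CK ID (TA0006, T1110, T1110.001, ...) of a STIX object."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None


def build_hierarchy(bundle):
    """Return {tactic_id: {technique_id: [sub_technique_ids]}}.

    Tactics are keyed by x_mitre_shortname because that is the value a
    technique's kill_chain_phases carries; sub-techniques are attached to
    their parent via the explicit subtechnique-of relationship objects.
    """
    objs = bundle["objects"]
    tactics = {o["x_mitre_shortname"]: attack_id(o)
               for o in objs if o["type"] == "x-mitre-tactic"}
    # The real bundle keeps revoked/deprecated objects; skip them.
    techniques = {o["id"]: o for o in objs
                  if o["type"] == "attack-pattern"
                  and not o.get("revoked") and not o.get("x_mitre_deprecated")}
    parent_of = {r["source_ref"]: r["target_ref"] for r in objs
                 if r["type"] == "relationship"
                 and r["relationship_type"] == "subtechnique-of"}

    tree = defaultdict(lambda: defaultdict(list))
    for stix_id, tech in techniques.items():
        tid = attack_id(tech)
        is_sub = bool(tech.get("x_mitre_is_subtechnique"))
        key = attack_id(techniques[parent_of[stix_id]]) if is_sub else tid
        for phase in tech.get("kill_chain_phases", []):
            if phase["kill_chain_name"] != "mitre-attack":   # enterprise only
                continue
            bucket = tree[tactics[phase["phase_name"]]]
            if is_sub:
                bucket[key].append(tid)
            else:
                bucket.setdefault(tid, [])
    return {t: dict(v) for t, v in tree.items()}


if __name__ == "__main__":
    # For the real data, replace BUNDLE with json.load(open("enterprise-attack.json")).
    for tactic, techs in build_hierarchy(BUNDLE).items():
        print(tactic)
        for tech, subs in techs.items():
            print("  ", tech, subs)
```

On the constructed bundle this yields TA0006 containing T1110 with the single sub-technique T1110.001. Mobile and ICS objects use the kill-chain names mitre-mobile-attack and mitre-ics-attack, which is why the function filters on mitre-attack.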
How can you use the MITRE ATT&CK framework to defend your organization? Alongside each element listed above, ATT&CK documents the data sources and detection approaches, and the mitigations, that apply to each technique, so it can drive testing, detection, prevention, and eradication of attacks.
For example, under Reconnaissance, Active Scanning is listed as a technique adversaries use to probe a target's hosts, ports, and services before trying to break in. The primary detection data source ATT&CK recommends is network traffic monitoring: spikes in traffic or other “suspicious network traffic could be indicative of scanning.”
Another example is the Credential Access element. One of its techniques is Brute Force. Recommended mitigations include multi-factor authentication and User Account Management, which means proactively resetting accounts known to be part of breached credentials.
For a full breakdown of every technique, with the detections and mitigations for each of the 14 elements in the MITRE ATT&CK framework, see the ATT&CK site at attack.mitre.org. The more you learn about the threats your organization faces, the sooner you can build an internal detection and response framework of your own. If you would like assistance with this, contact Rivial Security to learn more about our cybersecurity solutions.
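The two examples above, Active Scanning detected from network traffic and Brute Force detected from authentication logs, come together in the script below, which tags each finding with the ATT&CK tactic and technique it covers so an analyst can see which cell of the matrix a detection fills. It is an added example, not MITRE's or Rivial's code: the flow records, the sshd-style log lines, the IP addresses, the 60-second window, and the thresholds are all constructed assumptions for illustration; ATT&CK supplies the behaviour descriptions and recommended data sources, not detection logic.

```python
"""Two detections mapped to ATT&CK, run over constructed sample data.

Added example (not MITRE's or the page author's code). Flow records, auth
lines, addresses, window and thresholds are assumptions chosen for
illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed NetFlow-style records: (timestamp, src, dst, dst_port).
# 10.0.0.99 touches 12 distinct ports on one host within a few seconds;
# 10.0.0.7 makes two ordinary connections.
FLOWS = [
    ("2024-05-01T10:00:00", "10.0.0.99", "10.0.1.5", p)
    for p in (21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389)
] + [
    ("2024-05-01T10:00:05", "10.0.0.7", "10.0.1.5", 443),
    ("2024-05-01T10:00:20", "10.0.0.7", "10.0.1.8", 445),
]

# Constructed sshd-style auth lines: six failures then a success from one
# source (the case that warrants an account reset), one stray failure elsewhere.
AUTH_LOG = """\
2024-05-01T10:05:01 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:05:02 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:05:03 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:05:04 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:05:05 sshd: Failed password for backup from 203.0.113.9
2024-05-01T10:05:06 sshd: Failed password for backup from 203.0.113.9
2024-05-01T10:05:09 sshd: Accepted password for backup from 203.0.113.9
2024-05-01T10:06:00 sshd: Failed password for alice from 198.51.100.4
"""

WINDOW = timedelta(seconds=60)   # assumed correlation window


def _ts(s):
    return datetime.fromisoformat(s)


def detect_scanning(flows, min_targets=10):
    """T1595 Active Scanning (tactic: Reconnaissance).

    Flag a source that reaches at least `min_targets` distinct dst:port pairs
    inside WINDOW. Counting distinct pairs rather than packets keeps a busy
    legitimate client talking to one service from tripping the rule.
    """
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        by_src[src].append((_ts(ts), f"{dst}:{port}"))
    findings = []
    for src, events in by_src.items():
        for i, (start, _) in enumerate(events):
            targets = {t for ts, t in events[i:] if ts - start <= WINDOW}
            if len(targets) >= min_targets:
                findings.append({"technique": "T1595", "tactic": "reconnaissance",
                                 "src": src, "targets": len(targets)})
                break
    return findings


def detect_brute_force(log_text, min_failures=5):
    """T1110 Brute Force (tactic: Credential Access).

    Flag a source with at least `min_failures` failed logins inside WINDOW and
    record whether a success followed; a success after a burst of failures is
    the signal to reset the account, the User Account Management mitigation.
    """
    attempts = defaultdict(list)   # src -> [(ts, succeeded, user)]
    for line in log_text.splitlines():
        ts, _, rest = line.partition(" sshd: ")
        ok = rest.startswith("Accepted")
        user = rest.split(" for ", 1)[1].split(" from ")[0]
        src = rest.rsplit(" from ", 1)[1]
        attempts[src].append((_ts(ts), ok, user))
    findings = []
    for src, events in attempts.items():
        fails = [ts for ts, ok, _ in events if not ok]
        for i, start in enumerate(fails):
            in_window = [t for t in fails[i:] if t - start <= WINDOW]
            if len(in_window) >= min_failures:
                success = any(ok and ts >= start for ts, ok, _ in events)
                findings.append({"technique": "T1110", "tactic": "credential-access",
                                 "src": src, "failures": len(in_window),
                                 "followed_by_success": success})
                break
    return findings


if __name__ == "__main__":
    for finding in detect_scanning(FLOWS) + detect_brute_force(AUTH_LOG):
        print(finding)
```

Run as-is it reports 10.0.0.99 for T1595 with 12 targets and 203.0.113.9 for T1110 with 6 failures followed by a success. The thresholds are the part to tune per environment; the technique IDs are what let you map coverage back onto the matrix.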