Cyber Security Threat Summary:
MITRE has released MITRE ATT&CK v14, the newest iteration of its widely used investigation framework and knowledge base of tactics and techniques employed by cyber attackers. The goal of MITRE ATT&CK is to catalog and categorize the known tactics, techniques, and procedures (TTPs) used by adversaries in real-world attacks.
The Matrix is broken down into known TTPs as they relate to Enterprise, Mobile, and Industrial Control Systems (ICS). As adversaries continue to adapt their capabilities to new defenses, MITRE releases updated versions of its framework. A new version of ATT&CK is released every six months.
Analyst Comments: Here are some of the changes in MITRE ATT&CK v14:
- Enhanced detection notes to help defenders detect signs of adversary behaviors when analyzing network traffic
- Enhanced relationships between detections, data sources, and mitigations
- New Assets (devices and systems) included in the ICS matrix
- Wider scope of the Mobile matrix (added new phishing vectors, including quishing, i.e. QR-code phishing) and structured detections
- New software, attack groups, and documented campaigns