Demystifying MITRE’s ATT&CK™ to supercharge cyber defenses - Part III

In our first blogpost about MITRE’s ATT&CK™ framework, we explained what exactly it is and how it contributes to cybersecurity. In our second blogpost, we dove deeper into its various features. In this blogpost, the third and final one in the series, we discuss the future of MITRE’s ATT&CK framework as we see it.

To recap: ATT&CK is a MITRE-developed, globally accessible knowledge base of cyberattack tactics and techniques that have been observed and reported in the wild. The knowledge base is freely accessible to any organization, both to benefit from and to contribute to. Researchers can also add their own findings and experiences, making the platform even stronger for fending off the growing wave of cybercrime.

MITRE is constantly improving its ATT&CK framework to turn it into a one-stop knowledge base covering multiple platforms and every phase of the crimeware and cyberattack lifecycle. This means that the PRE-ATT&CK phase is also covered in technical detail in MITRE’s Enterprise ATT&CK section.

As we all know, one of the tricky parts of defending against malware attacks is that they keep mutating. To illustrate: the computer network of Pinehurst-based First Health of the Carolinas was shut down by a (then) new form of WannaCry in October 2017. Bad Rabbit, a variant of the Petya ransomware, victimized organizations in Russia, Ukraine and other countries in October 2017. That is why the ATT&CK platform keeps updating, and it now even includes sub-techniques for describing those variations of a technique.

In short, MITRE keeps developing and improving its robust set of tools, including the ATT&CK Navigator (an embeddable ATT&CK matrix visualization tool) and its STIX/TAXII-based APIs. Through partnerships with industry players, combined with its feedback and governance process, ATT&CK is a readily available resource for relevant, useful information and tools to boost an organization’s cybersecurity posture now and in the future.
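To make the sub-technique and STIX/Navigator points above concrete, here is an added example (not code from Cymulate or MITRE) that parses a constructed STIX 2.0 bundle shaped like the ATT&CK data MITRE publishes (attack-pattern objects, mitre-attack external references, kill_chain_phases, x_mitre_is_subtechnique and subtechnique-of relationships), counts technique IDs found in some constructed detection log lines, and emits an ATT&CK Navigator layer highlighting what was observed. The technique IDs, names and log lines are made up for the example, and the Navigator layer field names (techniqueID, tactic, score, color, comment) are assumed from the layer format as documented by the Navigator project.

```python
import re

# Constructed sample bundle in the shape of ATT&CK STIX data. IDs and names are
# illustrative only; they are not real ATT&CK techniques.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-0000000000a1",
            "name": "Example Technique A",
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T9001"}
            ],
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "execution"},
                {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
            ],
            "x_mitre_is_subtechnique": False,
        },
        {
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-0000000000a2",
            "name": "Example Technique A: Variant 1",
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T9001.001"}
            ],
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "execution"}
            ],
            "x_mitre_is_subtechnique": True,
        },
        {
            # Revoked objects stay in the bundle; a consumer must filter them out.
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-0000000000a3",
            "name": "Revoked Example",
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T9002"}
            ],
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}
            ],
            "revoked": True,
        },
        {
            # Sub-technique -> parent technique link, as ATT&CK expresses it.
            "type": "relationship",
            "id": "relationship--00000000-0000-4000-8000-0000000000b1",
            "relationship_type": "subtechnique-of",
            "source_ref": "attack-pattern--00000000-0000-4000-8000-0000000000a2",
            "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000a1",
        },
    ],
}

# Constructed detection log lines; the attack_id field is the ATT&CK technique ID.
SAMPLE_LOG = """\
2024-03-01T10:02:11Z sensor=edr host=ws01 rule=script-interpreter attack_id=T9001
2024-03-01T10:05:40Z sensor=edr host=ws02 rule=script-variant attack_id=T9001.001
2024-03-01T11:17:03Z sensor=siem host=ws01 rule=evasion attack_id=T9002
2024-03-02T08:00:00Z sensor=edr host=ws03 rule=script-interpreter attack_id=T9001
"""

# Technique IDs look like T1234 or, for sub-techniques, T1234.001.
TECH_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def attack_id(obj):
    """Return the ATT&CK ID from an object's mitre-attack external reference, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def index_techniques(bundle):
    """Map ATT&CK ID -> name, tactics, sub-technique flag and parent; skip revoked/deprecated."""
    patterns = {o["id"]: o for o in bundle["objects"] if o["type"] == "attack-pattern"}
    techniques = {}
    for obj in patterns.values():
        tid = attack_id(obj)
        if not tid or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        techniques[tid] = {
            "name": obj["name"],
            "tactics": sorted(p["phase_name"] for p in obj.get("kill_chain_phases", [])
                              if p.get("kill_chain_name") == "mitre-attack"),
            "is_subtechnique": bool(obj.get("x_mitre_is_subtechnique")),
            "parent": None,
        }
    for obj in bundle["objects"]:
        if obj["type"] != "relationship" or obj["relationship_type"] != "subtechnique-of":
            continue
        child, parent = patterns.get(obj["source_ref"]), patterns.get(obj["target_ref"])
        if child and parent and attack_id(child) in techniques:
            techniques[attack_id(child)]["parent"] = attack_id(parent)
    return techniques


def count_observed(log_text):
    """Count how often each technique ID appears in the detection log."""
    counts = {}
    for line in log_text.splitlines():
        for tid in TECH_RE.findall(line):
            counts[tid] = counts.get(tid, 0) + 1
    return counts


def navigator_layer(techniques, observed, name="Observed coverage"):
    """Build a Navigator layer: one entry per (technique, tactic) pair that was observed."""
    entries = []
    for tid, info in sorted(techniques.items()):
        if tid not in observed:
            continue  # unknown or revoked IDs in the log are dropped
        for tactic in info["tactics"]:
            entries.append({"techniqueID": tid, "tactic": tactic, "score": observed[tid],
                            "color": "#ff6666", "comment": info["name"]})
    return {"name": name, "domain": "enterprise-attack",
            "versions": {"layer": "4.4"}, "techniques": entries}


if __name__ == "__main__":
    techs = index_techniques(SAMPLE_BUNDLE)
    layer = navigator_layer(techs, count_observed(SAMPLE_LOG))
    for entry in layer["techniques"]:
        print(entry["techniqueID"], entry["tactic"], entry["score"], entry["comment"])
```

Note that the revoked technique T9002 appears in the log but not in the layer: filtering revoked and deprecated objects is the step most often missed when a team ingests the raw STIX feed, and it is what keeps coverage maps honest as MITRE reshapes techniques into sub-techniques.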

MITRE’s ATT&CK has already been utilized by organizations and vendors and we at Cymulate predict that it will soon become an internationally recognized industry standard.

For a full overview of MITRE’s ATT&CK Matrix, click here.

To learn more about Cymulate’s BAS platform, click here.
