MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)


MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive, globally accessible knowledge base of cyber adversary behaviour and tactics. Developed by the MITRE Corporation, it is a valuable resource for organisations to understand the different stages of cyber attacks and develop effective defences.

The ATT&CK framework is organised into a matrix that covers various tactics (high-level objectives) and techniques (methods used to achieve goals). The framework includes descriptions, examples, and mitigations for each technique, providing a detailed overview of threat actors’ methods and tools.

For a quick example, let’s examine one of the techniques in the framework - Exploit Public-Facing Application.


TTP is an acronym for Tactics, Techniques, and Procedures, but what does each of these terms mean?

  • The Tactic is the adversary’s goal or objective.
  • The Technique is how the adversary achieves the goal or objective.
  • The Procedure is how the technique is executed.

If that is not quite clear yet, don’t worry. Hopefully, as you progress through each section, TTPs will make more sense.
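The matrix described above (tactics as columns, techniques under each tactic) and the TTP hierarchy just listed are easiest to see in working code. The following is an added example, not code or data from the page or from MITRE: it inverts a small technique table into the tactic-to-technique matrix view, maps procedure-level detection rules (tagged with a technique ID, as Sigma-style rules are) up to the technique and tactic they cover, and reports the gaps per tactic. The technique IDs and names (T1190, T1078, T1059, T1003) and their tactic mappings follow the public ATT&CK catalogue as the author of this example knows it, but the table is a hand-picked, deliberately tiny sample, and the detection rules are constructed for illustration.

```python
"""Added example: detection coverage against an ATT&CK-style matrix.

Illustrative code, not MITRE's own tooling or data. TECHNIQUES is a tiny,
hand-constructed sample whose IDs, names and tactic mappings follow the
public ATT&CK catalogue; RULES are invented for the example.
"""

from collections import defaultdict

# Technique -> (name, tactics it can serve). One technique may appear under
# several tactics, which is why a matrix view must be built by inversion.
TECHNIQUES = {
    "T1190": ("Exploit Public-Facing Application", ["initial-access"]),
    "T1078": ("Valid Accounts", ["initial-access", "persistence",
                                 "privilege-escalation", "defense-evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
}

# Constructed detection rules. Each rule describes one procedure-level
# observation and is tagged with the technique it evidences. The last rule
# carries a bogus tag to show how a typo in a tag silently breaks coverage.
RULES = [
    {"title": "Web shell dropped by app server process", "technique": "T1190"},
    {"title": "PowerShell with encoded command", "technique": "T1059"},
    {"title": "LSASS memory access from non-system process", "technique": "T1003"},
    {"title": "Rule tagged with unknown technique", "technique": "T9999"},
]


def tactics_to_techniques(techniques):
    """Invert the technique table into the matrix view: tactic -> [technique ids]."""
    matrix = defaultdict(list)
    for tid, (_, tactics) in techniques.items():
        for tactic in tactics:
            matrix[tactic].append(tid)
    return {tactic: sorted(ids) for tactic, ids in matrix.items()}


def covered_techniques(rules, techniques):
    """Return (set of technique ids with at least one rule, titles of rules
    whose tag matches no known technique)."""
    covered, unknown = set(), []
    for rule in rules:
        tid = rule["technique"]
        if tid in techniques:
            covered.add(tid)
        else:
            unknown.append(rule["title"])
    return covered, unknown


def coverage_by_tactic(rules, techniques):
    """For each tactic: (covered count, total count, uncovered technique ids)."""
    matrix = tactics_to_techniques(techniques)
    covered, _ = covered_techniques(rules, techniques)
    report = {}
    for tactic, ids in matrix.items():
        hit = [t for t in ids if t in covered]
        miss = [t for t in ids if t not in covered]
        report[tactic] = (len(hit), len(ids), miss)
    return report


if __name__ == "__main__":
    report = coverage_by_tactic(RULES, TECHNIQUES)
    for tactic in sorted(report):
        hit, total, miss = report[tactic]
        print(f"{tactic:22} {hit}/{total} covered; gaps: {', '.join(miss) or 'none'}")
    _, unknown = covered_techniques(RULES, TECHNIQUES)
    if unknown:
        print("rules with unknown technique tags:", unknown)
```

Two things the output makes visible that the prose alone does not: a single technique such as Valid Accounts counts as a gap in every tactic it appears under, so one uncovered technique can leave four tactics partially dark; and a rule tagged with a non-existent technique ID contributes nothing, so the unknown-tag list is worth checking whenever coverage is reported.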


APT is an acronym for Advanced Persistent Threat. This can be considered a team/group (threat group), or even a country (nation-state group), that engages in long-term attacks against organisations and/or countries. The term ‘advanced’ can be misleading, as it tends to make us believe that every APT group has some super-weapon, i.e. a zero-day exploit, that they use. That is not the case. As we will see a bit later, the techniques these APT groups use are quite common and can be detected with the right implementations in place. You can view FireEye’s current list of APT groups here.