
Three latest trends and developments around the Mitre ATT&CK framework

Framework is set to receive important updates to help organisations and businesses evolve their cyber security. Learn more about what it offers

Cyber security is an essential part of running any business in the modern world. Protecting a company’s intellectual property and its clients’ protected information from hackers and other malicious entities is becoming more challenging every year. Mitre ATT&CK is quickly becoming one of the most efficient tools for collecting information about malicious attacks and coming up with techniques to block or prevent them.

So what is the Mitre ATT&CK framework, and which trends are shaping the way this tool can be applied to cyber security around the globe?

For those unfamiliar with Mitre ATT&CK or those who are just beginning to consider implementing its practices in their business, here is a brief refresher about this framework.

The ATT&CK in the framework’s name stands for Adversarial Tactics, Techniques & Common Knowledge. In its most basic form, ATT&CK is a large matrix of collected data describing the tactics and techniques that malicious entities might use to gain access to a closed or secure system.

It isn’t a cyber security system, but it does provide the tools for businesses and organisations to assess their own cyber security setups, helping them to identify holes in their security and address them in order of the risk they pose to the organisation.

Currently, there are 12 overarching tactics, as well as more than 250 techniques listed in the ATT&CK matrix. Many of these are further broken down into sub-techniques. The tactics list is fixed, with the last addition – impact – occurring in 2019, but the techniques list is continually expanding as industry experts and cyber security professionals encounter new methods for compromising secure systems.
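To show how the tactic/technique/sub-technique hierarchy is used in practice for the gap assessment the article describes, here is a small added example (not code from Mitre or from this article). It uses a handful of real Enterprise ATT&CK IDs as a subset of the matrix, but the detection-rule inventory and the per-technique risk scores are constructed for illustration, as would be any organisation’s real values.

```python
"""Toy ATT&CK coverage gap analysis: map existing detections onto the matrix
and rank the uncovered techniques by the risk the organisation assigns them."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Technique:
    tid: str                      # ATT&CK technique ID, e.g. "T1566" or sub-technique "T1566.001"
    name: str
    tactic: str                   # tactic ID the technique belongs to
    parent: Optional[str] = None  # parent technique ID when this is a sub-technique


# A small subset of real Enterprise ATT&CK tactics and techniques (the full matrix is far larger).
TACTICS = {"TA0001": "Initial Access", "TA0002": "Execution", "TA0040": "Impact"}
TECHNIQUES = [
    Technique("T1566", "Phishing", "TA0001"),
    Technique("T1566.001", "Spearphishing Attachment", "TA0001", parent="T1566"),
    Technique("T1566.002", "Spearphishing Link", "TA0001", parent="T1566"),
    Technique("T1059", "Command and Scripting Interpreter", "TA0002"),
    Technique("T1059.001", "PowerShell", "TA0002", parent="T1059"),
    Technique("T1486", "Data Encrypted for Impact", "TA0040"),
]

# Constructed inventory: the detection rules an organisation has, keyed by the technique each watches for.
DETECTIONS = {
    "T1566.001": ["mail-gateway: macro-laden attachment"],
    "T1059.001": ["edr: encoded PowerShell command line"],
}

# Constructed risk scores (1-10): how relevant each technique is to the threats this organisation faces.
RISK = {"T1566": 8, "T1566.001": 9, "T1566.002": 7, "T1059": 6, "T1059.001": 8, "T1486": 10}


def is_covered(tech: Technique, detections: dict) -> bool:
    """A technique is covered by a rule on itself; a sub-technique is also covered
    by a rule on its parent, since a parent-level rule is broader than the sub-technique."""
    if tech.tid in detections:
        return True
    return tech.parent is not None and tech.parent in detections


def coverage_gaps(techniques, detections, risk):
    """Uncovered techniques, highest risk first (ties broken by ID for a stable order)."""
    gaps = [t for t in techniques if not is_covered(t, detections)]
    return sorted(gaps, key=lambda t: (-risk.get(t.tid, 0), t.tid))


def tactic_coverage(techniques, detections):
    """Fraction of listed techniques that are covered, per tactic ID."""
    totals, covered = {}, {}
    for t in techniques:
        totals[t.tactic] = totals.get(t.tactic, 0) + 1
        if is_covered(t, detections):
            covered[t.tactic] = covered.get(t.tactic, 0) + 1
    return {tac: covered.get(tac, 0) / n for tac, n in totals.items()}


if __name__ == "__main__":
    for tac, frac in tactic_coverage(TECHNIQUES, DETECTIONS).items():
        print(f"{tac} {TACTICS[tac]:<16} coverage {frac:.0%}")
    print("Gaps to address, in risk order:")
    for t in coverage_gaps(TECHNIQUES, DETECTIONS, RISK):
        print(f"  {t.tid:<10} {t.name:<36} risk {RISK[t.tid]}")
```

With the constructed inventory above, the report shows the impact tactic entirely uncovered and puts T1486 (the ransomware encryption step) at the top of the gap list, which is the kind of prioritised output the article is describing.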

Cyber security has changed dramatically in just the last 10 years or so, with hackers finding new ways to exploit vulnerabilities that even the original programmers may have overlooked. Cyber security experts have come up with new tools to protect these companies, such as managed detection and response (MDR) and managed security service providers (MSSPs) that can help bridge the gaps – but not everyone is participating.

A 2021 managed services report found that upwards of 50% of respondents were not using any sort of detection and response tools to protect and improve their networks. A full quarter of those who responded were still relying only on perimeter defence tools.

Mitre is planning ATT&CK evaluations through Q2 2022. Those monitoring these evaluations can expect to see results sometime during Q3 2022, which will help outline the next steps for this sort of security management tool.

Contending with ransomware

Ransomware has been one of the biggest cyber security threats in recent memory, slipping into secure systems and encrypting files, then promising the decryption key in exchange for exorbitant ransoms. While individual users are at risk and can lose their files to a ransomware attack, large companies are a more lucrative target – mostly because they can often afford to pay a much bigger ransom.

By May 2021, there had already been nearly 300 ransomware attacks, with companies paying a collective $45m (£33m at time of writing) in ransom.

Ransomware is likely to continue to be a threat for a long time to come. And while preparing for these attacks won’t prevent someone from downloading an infected file, Mitre ATT&CK can help companies to patch the holes in their security system that could allow an infected file to make its way into an organisation’s network in the first place.

Companies that haven’t fallen victim to a ransomware attack yet should consider incorporating Mitre ATT&CK or other similar security frameworks as part of a scalability plan moving forward.

In October 2021, Mitre released its plans for ATT&CK v10, the newest incarnation of the security framework. This release continues to build on the new data sources introduced in v9 of the framework, adding further data components and updated structures that make it easier to make connections between different points of data. It also added new content, such as remote services for macOS and Linux systems, opening up its applications to many new systems.

This release also detailed some of the tools that Mitre is working toward deploying in 2022, such as structured detection, overlay and combination tools, and overarching campaigns. There are also plans for ATT&CKcon 2022, where more information should be available.

As global commerce – and especially e-commerce – continues to expand in the coming years, cyber security will need to change and evolve. Perimeter defence programs may have been sufficient in the past, but don’t cover all the holes and backdoors that could allow malicious attackers to make their way into an otherwise secure system.

Mitre ATT&CK is a framework, but it can also serve as a foundation for addressing cyber security as a whole moving forward. Networked systems and cloud storage are here to stay. We don’t need to change them – simply the way we access them, and the way we keep our networks secure.
