MITRE ATT&CK v14 Released

Cyber Security Threat Summary:
MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers. The goal of MITRE ATT&CK is to catalog and categorize the known tactics, techniques, and procedures (TTPs) used by adversaries in real-world attacks.

The Matrix is broken down into known TTPs as they relate to Enterprise, Mobile, and Industrial Control Systems (ICS). As adversaries continue to adapt their capabilities to new defenses, MITRE releases updated versions of its framework. A new version of ATT&CK is released every six months.

Analyst Comments: Here are some of the changes in MITRE ATT&CK v14:

  • Enhanced detection notes to help defenders detect signs of adversary behaviors when analyzing network traffic
  • Enhanced relationships between detections, data sources, and mitigations
  • New Assets (devices and systems) included in the ICS matrix
  • Wider scope of the Mobile matrix (added new phishing vectors, including quishing) and structured detections
  • New software, attack groups, and documented campaigns

The framework can be used by organizations to learn about different tactics and techniques they may be unfamiliar with, including procedural examples and detection/mitigation details. Threat actors can be mapped against the ATT&CK matrix and even layered to understand the most common TTPs. By understanding the most common attack vectors, organizations can prioritize defenses.
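
The layering approach described above can be sketched in a few lines. This is an added example, not MITRE's code: the actor names and their technique mappings are constructed for illustration, the `covered` set stands in for techniques an organization already detects, and the output dict uses ATT&CK Navigator layer field names with version metadata omitted.

```python
import json
from collections import Counter

# Constructed sample data: hypothetical actors mapped to ATT&CK Enterprise
# technique IDs. The mappings are illustrative, not taken from ATT&CK group pages.
ACTOR_TECHNIQUES = {
    "actor-a": {"T1566", "T1059", "T1078", "T1486"},
    "actor-b": {"T1566", "T1059", "T1021", "T1003"},
    "actor-c": {"T1566", "T1078", "T1003", "T1190"},
}


def overlay(actor_techniques):
    """Count how many actors use each technique (the layered view)."""
    counts = Counter()
    for techniques in actor_techniques.values():
        counts.update(set(techniques))  # one vote per actor per technique
    return counts


def prioritize(counts, covered):
    """Rank techniques by actor count, skipping those already covered."""
    gaps = [(tid, n) for tid, n in counts.items() if tid not in covered]
    # Highest actor count first; technique ID breaks ties deterministically.
    return sorted(gaps, key=lambda item: (-item[1], item[0]))


def to_layer(counts, name="actor overlap (constructed)"):
    """Build a dict shaped like a Navigator layer; score = number of actors."""
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": tid, "score": n} for tid, n in sorted(counts.items())
        ],
    }


if __name__ == "__main__":
    counts = overlay(ACTOR_TECHNIQUES)
    # Assumption: T1566 already has detection coverage in this environment.
    for tid, n in prioritize(counts, covered={"T1566"}):
        print(f"{tid}: used by {n} of {len(ACTOR_TECHNIQUES)} actors")
    print(json.dumps(to_layer(counts), indent=2))
```

Techniques shared by the most actors and missing from the covered set surface first, which is the ordering a defender would use to decide what to build detections for next.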