The abbreviation ATT&CK in MITRE ATT&CK Framework stands for Adversarial Tactics, Techniques (ATT) & Common Knowledge (CK). It is a knowledge base of cybercrime tactics, techniques and procedures. The framework is maintained by the MITRE Corporation. MITRE is an American non-profit corporation with roots dating back to 1958. It emerged as a spin-off from the Massachusetts Institute of Technology (MIT). The organization was founded with the aim of advising the US government on technical issues.
The ATT&CK Framework was developed and published in 2013. It is publicly available on the website. The attack tactics, techniques and procedures listed in the framework are based on real threats from the last few years, taken from attack reports and analyses. The ATT&CK Framework has established itself worldwide and is used by many companies and organizations as a tool to better understand existing attack models and to minimize IT security risks. The framework covers threat scenarios for enterprise IT environments, mobile systems and industrial control systems (ICS – Industrial Control Systems). The ATT&CK Framework currently has 14 different categories of attack tactics. Comparable security frameworks that compete with ATT&CK are Lockheed Martin’s Cyber Kill Chain and the Diamond Model of Intrusion Analysis.
Structure of the ATT&CK Framework
The ATT&CK Framework is divided into different matrices. Currently these are the Enterprise Matrix, the Mobile Matrix and the ICS Matrix. The main matrix is the Enterprise Matrix, which covers the operating systems Windows, Linux and macOS as well as networks, cloud and containers. The Mobile Matrix is available for the Android and iOS operating systems. The Enterprise Matrix currently distinguishes 14 different categories of attack tactics. These categories are Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact. The tactic categories are further divided into techniques and sub-techniques. The Enterprise Matrix currently distinguishes several hundred techniques and sub-techniques. A technique is a specific method used by an attacker to achieve a specific goal. For each technique, the framework lists a description of the method, the affected systems or platforms, attacker groups, countermeasures, and practical references.
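The tactic, technique and sub-technique hierarchy described above can be used to check which techniques an organization's detection rules cover. The following Python code is an added example, not part of the original article and not MITRE's own tooling; the matrix excerpt, the rule names and the detection inventory are constructed for illustration, while the technique IDs and names are real ATT&CK entries.

```python
import re

# The 14 Enterprise tactics in matrix order, as listed in the text above.
TACTICS = ["Reconnaissance", "Resource Development", "Initial Access", "Execution",
           "Persistence", "Privilege Escalation", "Defense Evasion",
           "Credential Access", "Discovery", "Lateral Movement", "Collection",
           "Command and Control", "Exfiltration", "Impact"]

# Constructed excerpt of the Enterprise matrix: technique ID -> (name, tactics).
# One technique can serve several tactics (Valid Accounts appears under four).
TECHNIQUES = {
    "T1566": ("Phishing", ["Initial Access"]),
    "T1078": ("Valid Accounts", ["Initial Access", "Persistence",
                                 "Privilege Escalation", "Defense Evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["Execution"]),
    "T1003": ("OS Credential Dumping", ["Credential Access"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
    "T1486": ("Data Encrypted for Impact", ["Impact"]),
}

# Constructed detection inventory: rule name -> ATT&CK IDs the rule is tagged with.
DETECTIONS = {
    "office_spawns_shell": ["T1566.001", "T1059.001"],
    "lsass_handle_access": ["T1003.001"],
    "logon_from_new_country": ["T1078"],
    "legacy_rule": ["T9999", "t1059"],  # ID not in excerpt, and a malformed ID
}

ID_RE = re.compile(r"^(T\d{4})(?:\.\d{3})?$")  # technique, optional sub-technique

def parent_technique(attack_id):
    """Roll a sub-technique up to its technique (T1059.001 -> T1059)."""
    m = ID_RE.match(attack_id)
    return m.group(1) if m else None

def coverage(detections, techniques):
    """Return (covered, gaps, rejected); covered/gaps map tactic -> technique IDs."""
    covered, rejected = {t: set() for t in TACTICS}, []
    for rule, ids in detections.items():
        for attack_id in ids:
            parent = parent_technique(attack_id)
            if parent not in techniques:
                rejected.append((rule, attack_id))  # bad tags must not count
                continue
            for tactic in techniques[parent][1]:
                covered[tactic].add(parent)
    gaps = {t: sorted(k for k, (_, tacs) in techniques.items()
                      if t in tacs and k not in covered[t]) for t in TACTICS}
    return {t: sorted(s) for t, s in covered.items()}, gaps, rejected
```

Calling `coverage(DETECTIONS, TECHNIQUES)` shows that a single rule tagged with Valid Accounts counts toward four tactics, and that mistyped or unknown IDs are reported instead of silently inflating coverage.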
Possible applications of the ATT&CK Framework
The ATT&CK Framework can be applied in numerous ways, such as:
- Provision of basic knowledge to optimize IT security strategies and adapt security mechanisms
- Knowledge base for analyzing security vulnerabilities
- Definition of concrete defense measures
- Assessment of existing cybersecurity risks
- Repository for IT security professionals
- Basis for training employees – imparting insights into cybersecurity threats
- Guide for IT security teams
- Providing realistic scenarios for attack simulations
- Basis for working together with IT security consultants and providers
As of 10/30/2020