What is the MITRE ATT&CK Framework?

The MITRE ATT&CK Framework provides information on the tactics, techniques and procedures used in cyber attacks. It is a publicly available knowledge base of adversary behaviour. The framework helps organizations understand the attack models that exist and improve their IT security strategies. It is maintained and published by the MITRE Corporation, a US non-profit corporation.

The abbreviation ATT&CK in MITRE ATT&CK Framework stands for Adversarial Tactics, Techniques (ATT) & Common Knowledge (CK). It is a knowledge base of the tactics, techniques and procedures used by attackers. The framework is maintained by the MITRE Corporation. MITRE is an American non-profit corporation with roots dating back to 1958. It emerged as a spin-off from the Massachusetts Institute of Technology (MIT). The organization was founded with the aim of advising the US government on technical issues.

The ATT&CK Framework was developed and published in 2013. It is publicly available on MITRE's website. The tactics, techniques and procedures listed in the framework are based on real threats observed over the last few years, taken from attack reports and analyses. The ATT&CK Framework has established itself worldwide and is used by many companies and organizations as a tool to better understand existing attack models and to minimize IT security risks. The framework covers threat scenarios for enterprise IT environments, mobile systems and industrial control systems (ICS – Industrial Control Systems). The ATT&CK Framework currently has 14 different categories of attack tactics. Comparable security frameworks that compete with ATT&CK are Lockheed Martin's Cyber Kill Chain and the Diamond Model of Intrusion Analysis.


Structure of the ATT&CK Framework

The ATT&CK Framework is divided into several matrices. Currently these are the Enterprise Matrix, the Mobile Matrix and the ICS Matrix. The main matrix is the Enterprise Matrix, which covers the operating systems Windows, Linux and macOS as well as network, cloud and container environments. The Mobile Matrix is available for the Android and iOS operating systems. The Enterprise Matrix currently distinguishes 14 different categories of attack tactics. These categories are Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact. Each tactic category is further divided into techniques and sub-techniques; the Enterprise Matrix currently distinguishes several hundred of them. A technique is a specific method an attacker uses to achieve a specific goal. For each technique, the framework lists a description of the method, the affected systems or platforms, the attacker groups known to use it, countermeasures (mitigations), and references to real-world reports.
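The tactic / technique / sub-technique structure described above is what you work with when you process the framework programmatically. As an added example (not code from the original page or from MITRE), the snippet below builds that structure from a hand-constructed miniature of the public ATT&CK STIX bundle: the object field names (`attack-pattern`, `kill_chain_phases`, `x_mitre_is_subtechnique`, `x_mitre_platforms`, `course-of-action`, `mitigates` relationships) follow the real bundle, but the five objects, their STIX IDs (`a1`, `m1`, `r1`) and the helper `_ap` are constructed for the demonstration.

```python
import json
from collections import defaultdict

def _ap(sid, name, tid, tactics, platforms, sub=False):
    """Minimal attack-pattern object in the shape the public STIX bundle uses."""
    return {"type": "attack-pattern", "id": f"attack-pattern--{sid}", "name": name,
            "x_mitre_is_subtechnique": sub, "x_mitre_platforms": platforms,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics],
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}]}

# Constructed miniature bundle: five hand-written objects instead of the real thousands.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    _ap("a1", "Command and Scripting Interpreter", "T1059", ["execution"], ["Windows", "Linux", "macOS"]),
    _ap("a2", "PowerShell", "T1059.001", ["execution"], ["Windows"], sub=True),
    _ap("a3", "Valid Accounts", "T1078", ["initial-access", "persistence"], ["Windows", "Linux"]),
    {"type": "course-of-action", "id": "course-of-action--m1", "name": "Multi-factor Authentication"},
    {"type": "relationship", "id": "relationship--r1", "relationship_type": "mitigates",
     "source_ref": "course-of-action--m1", "target_ref": "attack-pattern--a3"}]})

def attack_id(obj):
    """ATT&CK ID such as T1059.001, taken from the object's mitre-attack reference."""
    return next((r["external_id"] for r in obj.get("external_references", [])
                 if r.get("source_name") == "mitre-attack"), None)

def build_matrix(bundle_json):
    """tactic -> technique ID -> {name, platforms, subs}. Sub-techniques nest under their
    parent (T1059.001 under T1059); a multi-tactic technique like T1078 appears under each."""
    patterns = [o for o in json.loads(bundle_json)["objects"]
                if o["type"] == "attack-pattern" and not o.get("revoked")]
    matrix = defaultdict(dict)
    for p in patterns:                      # parents first, so sub-techniques find a slot
        if not p.get("x_mitre_is_subtechnique"):
            for ph in p["kill_chain_phases"]:
                matrix[ph["phase_name"]][attack_id(p)] = {
                    "name": p["name"], "platforms": p["x_mitre_platforms"], "subs": []}
    for p in patterns:
        if p.get("x_mitre_is_subtechnique"):
            parent = attack_id(p).split(".")[0]
            for ph in p["kill_chain_phases"]:
                entry = matrix[ph["phase_name"]].get(parent)
                if entry:
                    entry["subs"].append(attack_id(p))
    return dict(matrix)

def mitigations_for(bundle_json, technique_id):
    """Names of the course-of-action objects that 'mitigate' the given technique."""
    objs = json.loads(bundle_json)["objects"]
    names = {o["id"]: o["name"] for o in objs if o["type"] == "course-of-action"}
    targets = {o["id"] for o in objs if o["type"] == "attack-pattern" and attack_id(o) == technique_id}
    return sorted(names[r["source_ref"]] for r in objs if r["type"] == "relationship"
                  and r["relationship_type"] == "mitigates" and r["target_ref"] in targets)
```

Pointing `build_matrix` at the real Enterprise bundle yields the same 14 tactic keys as the web matrix, with revoked techniques filtered out.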

Possible applications of the ATT&CK Framework

The ATT&CK Framework offers numerous application possibilities, such as:

  • Provision of basic knowledge for optimizing IT security strategies and adapting security mechanisms
  • Definition of concrete defense measures
  • Reference repository for IT security professionals
  • Basis for training employees – imparting insights into cybersecurity threats
  • Guide for IT security teams
  • Providing realistic scenarios for attack simulations
  • Basis for working together with IT security consultants and providers