MITRE Att&ck Framework Part – 2 | Att&ck Tactics

The MITRE ATT&CK framework has three different versions-

• ATT&CK for Enterprise: Windows, Mac, Linux, and Cloud Environment.
• ATT&CK for Mobile: iOS and Android environments.
• ATT&CK for ICS: It focuses on the behavior of adversary while operating within the ICS network.

MitreAtt&ck Tactics– means adversary goals during attack. Tactic represents the underlying motive behind an ATT&CK technique :

• Reconnaissance (Enterprise, ICS)- It is a pre-attack process. Adversaries try to get information using active or passive approach so that they can plan their attack strategies to penetrate into the network.
• Resource Development (Enterprise (ICS) – the adversary establishes resource, action, strategy etc that can be used in later stages to support their operation.
• Initial Access – The adversary tries to get into network.
• Execution – The adversary tries to run a malicious code.
• Persistence- The adversary tries to maintain their presence into network.
• Privilege Escalation- The adversary tries to get advanced privileges by exploiting any existing loophole or vulnerability.
• Defense Evasion- The adversary tries to escape detection. For example, using trusted processes to hide malware.
• Credential Access (Enterprise, Mobile)- The adversary tries to access username and passwords.
• Discovery – The adversary tries to figure out the environment, infrastructure etc. to plan further attacks.
• Lateral Movement- The adversary moves through the environment, using legitimate credentials pivoting through multiple systems.
• Collection- The adversary gathers data of interest as per their attack objective.
• Command & Control- The adversary communicates with compromised systems to control those.
• Exfiltration (Enterprise, Mobile) – The adversary steals the gathered data.
• Impact – The adversary changes, interrupts, or destroys systems and data.
• Network Effects (Mobile only) – Adversary try to intercept or manipulate network traffic.
• Inhibit Response Function (ICS only)- Adversary use techniques to hinder the safeguards put in place for processes and products.
• Impair Process Control (ICS only) – Adversary try to manipulate, disable or damage physical control process.

Reference: MITRE Att&ck