Dec 10, 2022
By Priyanka Tomar
MITRE ATT&CK Framework Part 2 | ATT&CK Tactics
The MITRE ATT&CK framework comes in three versions:
- ATT&CK for Enterprise: Windows, macOS, Linux, and cloud environments.
- ATT&CK for Mobile: iOS and Android environments.
- ATT&CK for ICS: focuses on adversary behaviour while operating within an ICS network.
MITRE ATT&CK tactics are the adversary's goals during an attack; a tactic represents the underlying motive behind an ATT&CK technique:
- Reconnaissance (Enterprise, ICS): a pre-attack stage. Adversaries gather information, actively or passively, so that they can plan how to penetrate the network.
- Resource Development (Enterprise, ICS): the adversary establishes the resources, actions, and strategy that will support later stages of the operation.
- Initial Access: the adversary tries to get into the network.
- Execution: the adversary tries to run malicious code.
- Persistence: the adversary tries to maintain a foothold in the network.
- Privilege Escalation: the adversary tries to gain higher-level permissions by exploiting an existing weakness or vulnerability.
- Defense Evasion: the adversary tries to avoid detection, for example by using trusted processes to hide malware.
- Credential Access (Enterprise, Mobile): the adversary tries to obtain usernames and passwords.
- Discovery: the adversary tries to learn about the environment and infrastructure in order to plan further attacks.
- Lateral Movement: the adversary moves through the environment, using legitimate credentials to pivot through multiple systems.
- Collection: the adversary gathers data of interest for the attack objective.
- Command & Control: the adversary communicates with compromised systems in order to control them.
- Exfiltration (Enterprise, Mobile): the adversary steals the gathered data.
- Impact: the adversary manipulates, interrupts, or destroys systems and data.
- Network Effects (Mobile only): the adversary tries to intercept or manipulate network traffic.
- Inhibit Response Function (ICS only): the adversary uses techniques to hinder the safeguards put in place for processes and products.
- Impair Process Control (ICS only): the adversary tries to manipulate, disable, or damage physical control processes.
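As an added example (not part of the original post or of MITRE's own tooling), the tactic order listed above can drive alert triage: for each host it finds the latest-stage tactic that produced an alert and the earlier post-compromise stages that produced none, which are either visibility gaps or mis-tagged alerts. The host names and alerts are constructed sample data.

```python
from collections import defaultdict

# Tactic order as listed in the post (Enterprise chain first, then the
# Mobile-only and ICS-only tactics); list position = stage of the attack.
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command & Control", "Exfiltration", "Impact",
    "Network Effects", "Inhibit Response Function", "Impair Process Control",
]
ORDER = {t: i for i, t in enumerate(TACTICS)}
# Pre-attack per the post: they happen off-network, so no alert is expected.
PRE_ATTACK = {"Reconnaissance", "Resource Development"}

def normalize(tactic: str) -> str:
    """Canonical key: case-insensitive, '&' and 'and' treated alike."""
    return " ".join(tactic.lower().replace("&", "and").split())

CANON = {normalize(t): t for t in TACTICS}

def triage(alerts):
    """Per host: latest-stage tactic alerted on ('deepest') and earlier
    post-compromise tactics with no alert ('gaps'); plus unrecognised tags."""
    by_host, unknown = defaultdict(set), []
    for host, tag in alerts:
        tactic = CANON.get(normalize(tag))
        if tactic is None:
            unknown.append((host, tag))  # not a tactic name: fix the source
            continue
        by_host[host].add(tactic)
    report = {}
    for host, seen in by_host.items():
        deepest = max(seen, key=ORDER.__getitem__)
        gaps = [t for t in TACTICS[:ORDER[deepest]]
                if t not in seen and t not in PRE_ATTACK]
        report[host] = {"deepest": deepest, "gaps": gaps}
    return report, unknown

ALERTS = [  # constructed sample alerts: (host, tactic as tagged by the source)
    ("ws-17", "Initial Access"), ("ws-17", "Execution"),
    ("ws-17", "Command and Control"),  # spelling variant, still matched
    ("ws-17", "Exfiltration"),
    ("srv-db", "Discovery"), ("srv-db", "Credential Access"),
    ("srv-db", "Lateral Movment"),  # typo: reported, not silently dropped
]

if __name__ == "__main__":
    for host, r in sorted(triage(ALERTS)[0].items()):
        print(f"{host}: reached {r['deepest']}; unseen stages: {r['gaps']}")
```

A long gap list under a deep "deepest" stage (ws-17 reached Exfiltration with no Persistence, Discovery or Collection alerts) is the signal to review coverage for those stages rather than to assume they did not happen.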
Reference: MITRE ATT&CK