MITRE ATT&CK Framework Part 2 | ATT&CK Tactics (Cloud Security)

December 10, 2022 | By Priyanka Tomar

The MITRE ATT&CK framework comes in three different versions (matrices):

  • ATT&CK for Enterprise: Windows, macOS, Linux, and cloud environments.
  • ATT&CK for Mobile: iOS and Android environments.
  • ATT&CK for ICS: focuses on adversary behavior while operating within an ICS network.

MITRE ATT&CK tactics describe the adversary's goals during an attack: a tactic represents the underlying motive (the "why") behind an ATT&CK technique.

    1. Reconnaissance (Enterprise, ICS) – a pre-attack stage. Adversaries gather information, using active or passive approaches, so that they can plan how to penetrate the network.
    2. Resource Development (Enterprise, ICS) – the adversary establishes resources, actions, strategies, etc. that can be used in later stages to support the operation.
    3. Initial Access – the adversary tries to get into the network.
    4. Execution – the adversary tries to run malicious code.
    5. Persistence – the adversary tries to maintain their foothold in the network.
    6. Privilege Escalation – the adversary tries to gain higher-level permissions by exploiting an existing loophole or vulnerability.
    7. Defense Evasion – the adversary tries to avoid detection, for example by using trusted processes to hide malware.
    8. Credential Access (Enterprise, Mobile) – the adversary tries to steal usernames and passwords.
    9. Discovery – the adversary tries to figure out the environment, infrastructure, etc. in order to plan further attacks.
    10. Lateral Movement – the adversary moves through the environment, pivoting through multiple systems, often using legitimate credentials.
    11. Collection – the adversary gathers data of interest according to their attack objective.
    12. Command & Control – the adversary communicates with compromised systems in order to control them.
    13. Exfiltration (Enterprise, Mobile) – the adversary steals the gathered data.
    14. Impact – the adversary changes, interrupts, or destroys systems and data.
    15. Network Effects (Mobile only) – the adversary tries to intercept or manipulate network traffic.
    16. Inhibit Response Function (ICS only) – the adversary uses techniques to hinder the safeguards put in place to protect processes and products.
    17. Impair Process Control (ICS only) – the adversary tries to manipulate, disable, or damage physical control processes.
  • Reference: MITRE ATT&CK
