Friday, February 26, 2021
  • Understand Your Staff: How Insiders Shape Defenses
  • Security Budgets to See 2021 Increases, Survey Finds
  • ENISA Releases Guidelines for Cloud Security for Healthcare Services
  • Integrated Risk Management for Your Business
  • No, 1,000 engineers were not needed for SolarWinds

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » MITRE ATT&CK April 2019 Update

MITRE ATT&CK April 2019 Update

by David Lu on May 12, 2019

MITRE has released an April 2019 update to its ATT&CK framework. It’s been a year since the last major update featuring a new tactic. There are a number of changes for this year: the most major being the addition of a 12th Tactic, Impact, which contains 14 new Techniques. There are also 7 new Techniques under existing Tactics as well as a number of other minor changes.

Impact

The Impact Tactic covers integrity and availability attacks against enterprise systems. The 14 Techniques included in this update are as follows:

  • Data Destruction
  • Data Encrypted for Impact
  • Defacement
  • Disk Content Wipe
  • Disk Structure Wipe
  • Endpoint Denial of Service
  • Firmware Corruption
  • Inhibit System Recovery
  • Network Denial of Service
  • Resource Hijacking
  • Runtime Data Manipulation
  • Service Stop
  • Stored Data Manipulation
  • Transmitted Data Manipulation

Of particular significance here are Techniques that describe behavior related to ransomware, DoS/DDoS attacks, and illicit cryptocurrency mining, which, according to Verizon’s 2019 Data Breach Investigations Report, are increasing in prevalence or severity.

T1486: Data Encrypted for Impact

Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.

T1486 describes behavior most commonly associated with ransomware; and, given that 39% of all identified malware in 2018 was classified as ransomware, this Technique is a welcome update.

T1496: Resource Hijacking

Adversaries may leverage the resources of co-opted systems in order to solve resource intensive (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Lu. Read the original post at: https://www.tripwire.com/state-of-security/mitre-framework/mitre-attck-update/

May 12, 2019May 12, 2019 David Lu Impact, MITRE, MITRE ATT&CK, MITRE Framework
  • ← How Can Health Care Innovate With Cybersecurity in Mind?
  • Israel Cyber-Attack Bombing, New Google Privacy Settings, Traditional Mail Blackmail Scam →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Think Macs Don’t Get Malware? Think Again.
How to Secure Your Cloud Investment
Mitigating Third-Party Supply Chain Breaches
What’s Scarier Than the SolarWinds Breach?
Report: The Trouble With Cloud Security
Surge in ZLoader Attacks Observed
6 Security Methods to Protect You and Your Customers
From Zero to Zero Trust: Five Tips to Simplify Your Journey
Ransomware Attacks Remain Persistent and Pervasive
Industrial Cybersecurity and the Florida Water Supply Attack with Dale Peterson

Upcoming Webinars

Mar 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mar 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mar 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Mar 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mar 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

XDR: Next-Level Prevention and Detection
Analytics & Intelligence Cybersecurity Endpoint Incident Response Industry Spotlight Security Boulevard (Original) 

XDR: Next-Level Prevention and Detection

February 25, 2021 Eyal Gruner | Yesterday 0
Breach Clarity Data Breach Report: Week of Feb. 22
Cloud Security Cybersecurity Data Security Endpoint Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Breach Clarity Data Breach Report: Week of Feb. 22

February 24, 2021 Kyle Marchini | 2 days ago 0
What’s Scarier Than the SolarWinds Breach?
Cloud Security Cybersecurity Data Security Industry Spotlight Network Security Security Awareness Security Boulevard (Original) Threats & Breaches 

What’s Scarier Than the SolarWinds Breach?

February 23, 2021 Yuval Elddad | 3 days ago 0

Top Stories

Think Macs Don’t Get Malware? Think Again.
Analytics & Intelligence Cloud Security Cybersecurity Endpoint Featured Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Think Macs Don’t Get Malware? Think Again.

February 22, 2021 Richi Jennings | 3 days ago 0
SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs

February 19, 2021 Richi Jennings | Feb 19 0
Oracle is Said to Help China Find Dissidents and Jail Minorities
Analytics & Intelligence Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response News Security Boulevard (Original) Social Engineering Spotlight 

Oracle is Said to Help China Find Dissidents and Jail Minorities

February 18, 2021 Richi Jennings | Feb 18 0

Security Humor

via   the  Comic Noggins  of   Nitrozac     and     Snaggy     at     The Joy of Tech®   !

Joy Of Tech® ‘Talking Parachute’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.