
MITRE ATT&CK: Network sniffing

Introduction

Network sniffing may conjure images of a network-based bloodhound to some, but in information security it means capturing or monitoring data as it crosses a network. Attackers use network sniffing to learn about a target during the discovery phase of an attack, and the technique is catalogued in MITRE's ATT&CK matrix.

This article explains what MITRE ATT&CK is, describes the network sniffing technique and where it sits in an attack, walks through some real-world examples of network sniffing, and offers tips for mitigation and detection.

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

To this end, MITRE released ATT&CK as a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Vendors, private-sector organizations and government bodies use it as a foundation for developing threat models and methodologies.

More information on the MITRE ATT&CK matrix can be found on MITRE's ATT&CK site.

A little (or more than a little) about network sniffing

Before looking at network sniffing itself, it helps to see where it fits in the big picture of an attack. ATT&CK places network sniffing under the Discovery tactic (it is also listed under Credential Access, because captured traffic frequently contains plaintext credentials). Discovery is the stage at which attackers learn about a target network before committing to the attack. It is a vital part of any intrusion, since this reconnaissance determines which techniques are used, where to attack, when to attack and more.

Network sniffing involves using software or another interface to (Read more...)
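To make the technique concrete, here is an added example of what a sniffer actually does with the frames it captures: decode the Ethernet, IPv4 and TCP headers and pull plaintext credentials (FTP USER/PASS commands and HTTP Basic Authorization headers) out of the payload, which is exactly why ATT&CK files the technique under both Discovery and Credential Access. This is illustration code written for this article, not code from the original post or from MITRE. The frames, addresses, usernames and passwords are constructed inline (no packets are read from a real network), and the `sniff_live` helper at the bottom is a hypothetical Linux-only entry point that needs CAP_NET_RAW and is only called when the script is run directly.

```python
"""Passive sniffer core: decode Ethernet/IPv4/TCP and harvest plaintext credentials.
Added example for this article; sample frames are constructed, not captured."""
import base64
import re
import struct
from typing import List, Optional, Tuple

ETH_P_IP = 0x0800   # EtherType for IPv4
PROTO_TCP = 6       # IP protocol number for TCP

# Credential patterns a sniffer looks for in cleartext protocols.
FTP_RE = re.compile(rb"^(USER|PASS) (.+?)\r?\n", re.M)
BASIC_RE = re.compile(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", re.I)


def parse_frame(frame: bytes) -> Optional[dict]:
    """Decode one raw Ethernet frame. Returns addresses, ports and TCP payload
    for IPv4/TCP, or None for anything else (ARP, IPv6, UDP, truncated data)."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4            # IPv4 header length incl. options
    if ihl < 20 or len(ip) < ihl or ip[9] != PROTO_TCP:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]             # bounded by the bytes actually captured
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[0:4])
    data_off = (tcp[12] >> 4) * 4       # TCP header length incl. options
    if data_off < 20 or len(tcp) < data_off:
        return None
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[data_off:]}


def extract_credentials(pkt: dict) -> List[Tuple[str, str]]:
    """Return (kind, value) pairs for any cleartext credentials in the payload."""
    hits: List[Tuple[str, str]] = []
    payload = pkt["payload"]
    for cmd, val in FTP_RE.findall(payload):
        hits.append(("ftp-" + cmd.decode().lower(), val.decode(errors="replace")))
    for token in BASIC_RE.findall(payload):
        try:
            decoded = base64.b64decode(token, validate=True).decode(errors="replace")
        except ValueError:              # binascii.Error is a ValueError; skip junk tokens
            continue
        hits.append(("http-basic", decoded))
    return hits


def harvest(frames) -> List[Tuple[str, str, int, str, str]]:
    """Run the sniffer pipeline over an iterable of raw frames."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        for kind, value in extract_credentials(pkt):
            found.append((pkt["src"], pkt["dst"], pkt["dport"], kind, value))
    return found


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a synthetic Ethernet/IPv4/TCP frame for testing.
    Checksums are left at zero: a passive sniffer never validates them."""
    eth = b"\x00" * 12 + struct.pack("!H", ETH_P_IP)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp


# Constructed sample traffic: an FTP login, an HTTP Basic request, and a TLS ClientHello.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.9", 51000, 21, b"USER alice\r\n"),
    build_frame("10.0.0.5", "10.0.0.9", 51000, 21, b"PASS hunter2\r\n"),
    build_frame("10.0.0.5", "10.0.0.7", 51002, 80,
                b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
                b"Authorization: Basic Ym9iOnMzY3IzdA==\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.7", 51003, 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),
]


def sniff_live(iface: str, count: int):
    """Hypothetical live capture on Linux (needs CAP_NET_RAW). Reads raw frames from
    an AF_PACKET socket bound to `iface` and feeds them through the same pipeline."""
    import socket
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    s.bind((iface, 0))
    return harvest(s.recv(65535) for _ in range(count))


if __name__ == "__main__":
    for src, dst, dport, kind, value in harvest(SAMPLE_FRAMES):
        print(f"{src} -> {dst}:{dport}  {kind}: {value}")
```

Running the script against the constructed frames yields the FTP username and password and the decoded Basic credentials; the TLS frame is parsed as a TCP segment but produces nothing, which is the practical point of the mitigation advice that usually follows: sniffing only pays off where protocols still cross the wire in cleartext.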

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Jvg8imu-47I/