MITRE ATT&CK: External remote service - Security Boulevard


Introduction

If you had told the average person fifty years ago that in the future people would be able to view what someone is doing on a personal computer screen in their home or office, they would have thought that you were being silly at the least and crazy at the worst. But as most are aware, external remote services are the technology that gives us a “sci-fi movie” kind of view into the computers of others.

Attackers are well aware of this technology and regularly use it as one of their cyberattack techniques. 


This article will detail the external remote services attack technique as enumerated in the MITRE ATT&CK matrix. We will explore what MITRE ATT&CK is, what external remote services are, how attackers use external remote services and real-world examples of this attack technique, as well as mitigation and detection.

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary techniques and tactics based upon real-world observations. This information can then be used as a foundation for developing threat models and methodologies in the cybersecurity product and service community, the private sector and government.

More information on the MITRE ATT&CK matrix can be found here.

What are external remote services?

External remote services are access mechanisms that allow users in external locations to connect to internal organization network resources. These services are not limited to one mechanism but rather are composed of a collection of different services including Virtual Private (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/zeIpZrNoOkc/
