ATT&CK

DARK COMMERCE: parallel economy provides easy on-ramp for would-be cybercriminals

| | ATT&CK, Blog, Malware, research, Threat Context, Threat Intelligence
The cybercriminal industry is evolving, with a growing shadow economy that trades goods and services in much the same way as the legitimate cybersecurity sector. Today we publish a new report and ...
Blueliv
What is the MITRE ATT&CK™ Framework?

The MITRE ATT&CK Framework: Impact

| | ATT&CK, Featured Articles, Impact, MITRE, MITRE Framework
Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may ...
The State of Security
OilRig / APT34 profile

TOP 5 ATT&CK techniques used by Threat Actors tied to Iran

| | ATT&CK, Iran, research, threat actors, Threat Context, Threat Intelligence
On the 3rd of January 2020, the Iranian Major General Qasem Soleimani was killed in a US drone strike ordered by President Donald Trump at Baghdad International Airport. Since then, popular demonstrations ...
Blueliv

ATT&CK Structure Part II: From Taxonomy to Ontology

| | ATT&CK, MITRE, MITRE Framework, onotology
In Part I, I described some structural problems in MITRE’s ATT&CK adversarial behavior framework. We looked at a couple of examples of techniques that vary greatly in terms of abstraction as well ...
The State of Security
Figure 1 – Monero’s value in USD from December 2018 to June 2019, source - CoinGecko.com

Cryptojacking: An Unwanted Guest

| | ATT&CK, backdoor, Bromium Labs, coin miner, coinminer, crypojacking, Cryptojacking, CVE-2017-8464, doublepulsar, EquationDrug, EquationGroup, EternalBlue, ETERNALCHAMPION, EternalRomance, Exploit, Malware, masscan, Mimikatz, MITRE, Monero, nsa, ShadowBrokers, SmbTouch, SMBv1, T1031, T1035, T1050, T1053, T1058, T1065, T1089, T1094, T1095, T1105, T1107, T1112, T1128, T1129, TA0001, TA0002, TA0003, TA0004, TA0005, TA0006, TA0007, TA0008, TA0009, TA0010, TA0011, TA0040, techniques, threats, trojan, Winpcap, XMR
We analyse a cryptojacking attack that mines the Monero cryptocurrency. The value of Monero in US dollars has more than doubled over the first half of 2019, from $46 to $98. The ...
Bromium
Deriving value from the MITRE ATT&CK Threat Model

Deriving value from the MITRE ATT&CK Threat Model

| | ATT&CK, MITRE, Threat, threatQ
The MITRE ATT&CK knowledge base continues to gain traction as the defacto source for supporting business threat assessing, developing proactive cybersecurity and cyber resilience strategies. ATT&CK provides a defined understanding of the ...
IT Security Expert Blog

Fine-Tuning Cybersecurity with the ATT&CK Framework

| | ATT&CK, events, MITRE Framework, RSA Conference, rsac, security
This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA. This will ...
The State of Security

Using ATT&CK As a Teacher

| | ATT&CK, MITRE, MITRE Framework, Secuirty
Over the past few years, I’ve had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and ...
The State of Security
What is the MITRE ATT&CK™ Framework?

The MITRE ATT&CK Framework: Command and Control

| | ATT&CK, Command And Control, MITRE, MITRE Framework
Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case ...
The State of Security
What is the MITRE ATT&CK™ Framework?

The MITRE ATT&CK Framework: Exfiltration

| | ATT&CK, exfiltration, Featured Articles, MITRE, MITRE Framework
Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage ...
The State of Security
Load more