DARK COMMERCE: parallel economy provides easy on-ramp for would-be cybercriminals

The cybercriminal industry is evolving, with a growing shadow economy that trades goods and services in much the same way as the legitimate cybersecurity sector. Today we publish a new report and ...
What is the MITRE ATT&CK™ Framework?

The MITRE ATT&CK Framework: Impact

Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may ...
OilRig / APT34 profile

TOP 5 ATT&CK techniques used by Threat Actors tied to Iran

On the 3rd of January 2020, the Iranian Major General Qasem Soleimani was killed in a US drone strike ordered by President Donald Trump at Baghdad International Airport. Since then, popular demonstrations ...

ATT&CK Structure Part II: From Taxonomy to Ontology

In Part I, I described some structural problems in MITRE’s ATT&CK adversarial behavior framework. We looked at a couple of examples of techniques that vary greatly in terms of abstraction as well ...
Figure 1 – Monero’s value in USD from December 2018 to June 2019, source - CoinGecko.com

Cryptojacking: An Unwanted Guest

We analyse a cryptojacking attack that mines the Monero cryptocurrency. The value of Monero in US dollars has more than doubled over the first half of 2019, from $46 to $98. The ...
Deriving value from the MITRE ATT&CK Threat Model

Deriving value from the MITRE ATT&CK Threat Model

| | ATT&CK, MITRE, Threat, threatQ
The MITRE ATT&CK knowledge base continues to gain traction as the defacto source for supporting business threat assessing, developing proactive cybersecurity and cyber resilience strategies. ATT&CK provides a defined understanding of the ...

Fine-Tuning Cybersecurity with the ATT&CK Framework

This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA. This will ...

Using ATT&CK As a Teacher

Over the past few years, I’ve had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and ...

The MITRE ATT&CK Framework: Command and Control

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case ...

The MITRE ATT&CK Framework: Exfiltration

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage ...