MITRE ATT&CK FRAMEWORK

- Nirali N Malvaniya
[Enrollment no: 240043001049]
Content:
• What is a MITRE ATT&CK framework?
• Understanding MITRE ATT&CK framework
• History of MITRE ATT&CK framework
• Matrices of MITRE ATT&CK framework
• Key Components of MITRE ATT&CK framework
• Why is it important?
WHAT IS THE MITRE ATT&CK FRAMEWORK?

• MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

• The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
UNDERSTANDING THE MITRE ATT&CK FRAMEWORK

• MITRE ATT&CK is a framework for understanding cyber adversary tactics and techniques. Maintained by the MITRE Corporation, this globally recognized knowledge base is a valuable tool for cybersecurity professionals aiming to strengthen their defenses against sophisticated cyber threats.

• MITRE ATT&CK catalogs an extensive set of tactics, techniques, and procedures (TTPs) employed by cyber adversaries, providing a structured, behavior-centric vocabulary for threat modeling, detection engineering, and defense strategy development.
HISTORY OF THE MITRE ATT&CK FRAMEWORK

• It was created by the MITRE Corporation, a not-for-profit organization. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.

• It was developed as part of a MITRE research project in 2013 to document the TTPs that advanced persistent threat (APT) groups use against enterprise networks, and was released publicly in 2015. It has been updated regularly since, so technique IDs and matrix contents change between versions.
MAIN MATRICES OF THE MITRE ATT&CK FRAMEWORK

• The three main matrices of the MITRE ATT&CK Framework are the Enterprise Matrix, the Mobile Matrix, and the ICS (Industrial Control Systems) Matrix. Each matrix serves as a roadmap, guiding cybersecurity professionals through the adversary behaviors and attack patterns specific to a different kind of environment.

• Enterprise Matrix
• Mobile Matrix
• ICS Matrix
ENTERPRISE MATRIX

• The Enterprise matrix focuses on tactics and techniques that adversaries use against Windows, macOS, and Linux systems, and also covers cloud services, network devices, and containers. It outlines tactics from initial access and execution through command and control and exfiltration, giving a granular view of the attack paths available inside corporate networks. Because ATT&CK describes adversary behaviors rather than software vulnerabilities, this matrix is most useful for finding gaps in detection coverage, prioritizing telemetry, and testing defenses against the techniques real adversaries are known to use.
MOBILE MATRIX

• The Mobile matrix covers Android and iOS devices and addresses mobile-specific concerns, such as abusing operating system features or apps to gain unauthorized access to a device and the information on it. It is an essential tool for understanding the tactics used in mobile environments, helping security teams develop strategies for protecting sensitive data on mobile devices.
ICS MATRIX

• The ICS matrix covers cyber threats in industrial environments where operational technology (OT) is prevalent. It catalogs the tactics and techniques adversaries use to disrupt, control, or damage industrial processes, including ICS-specific tactics such as Inhibit Response Function and Impair Process Control that have no counterpart in the Enterprise matrix. This matrix is crucial for safeguarding critical infrastructure, as it captures the intersection of cyber and physical security and enables effective countermeasures against threats to industrial operations.
KEY COMPONENTS OF MITRE ATT&CK FRAMEWORK

• Tactics
• Techniques
• Procedures

• The MITRE ATT&CK framework is a critical resource in cybersecurity. It provides a comprehensive matrix of threat actors' tactics, techniques, and procedures. Built on the security community's shared knowledge, it helps organizations understand and mitigate rapidly evolving cyber threats, enhancing their security posture.
TACTICS

• Tactics represent the "why" of an ATT&CK technique or sub-technique. Each tactic represents a specific goal an attacker aims to achieve, such as gaining initial access to a system, executing malicious code, or exfiltrating data.

• These tactics are not standalone; they form an interconnected web of potential attack methodologies that adversaries can adapt and combine based on their objectives and the target environment. A technique is listed under every tactic it can serve, so one technique may appear in several columns of the matrix (Valid Accounts, T1078, appears under Initial Access, Persistence, Privilege Escalation, and Defense Evasion).

• ENTERPRISE MATRIX TACTICS: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact

• MOBILE MATRIX TACTICS

• ICS MATRIX TACTICS
TECHNIQUES

• Techniques are the building blocks of the tactics outlined in the previous section: each technique describes how an adversary achieves a tactical objective. Every technique has a stable identifier of the form T followed by four digits, e.g. T1059, Command and Scripting Interpreter, under the Execution tactic.

• Many techniques are further broken down into sub-techniques, which give a more granular view of the attacker's arsenal and show the specific actions taken to execute the broader technique. A sub-technique ID extends its parent's, e.g. T1059.001, PowerShell, is a sub-technique of T1059. Each technique page also lists mitigations, detection guidance, and the data sources needed to observe the behavior, which is what makes the catalog directly usable for detection engineering.
PROCEDURES

• Procedures are the specific implementations adversaries use to execute a technique or sub-technique, for example the exact command line, tool, or malware feature observed in an intrusion.

• In the ATT&CK framework, procedures do not have identifiers of their own. They are recorded in the "Procedure Examples" section of each technique page, which lists the groups (G-IDs) and software (S-IDs) observed using that technique together with a short description of how it was used.
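The tactic, technique, sub-technique and procedure relationships described in the last three sections are all encoded in the machine-readable ATT&CK dataset, which MITRE publishes as STIX 2.1 JSON (github.com/mitre-attack/attack-stix-data). The following is an added example, not part of the original slides or of MITRE's tooling, that resolves those links from a constructed, heavily trimmed bundle: tactics via kill_chain_phases, parents via "subtechnique-of" relationships, and procedure examples via "uses" relationships from a group to a technique. The ATT&CK IDs and names used (TA0002, T1059, T1059.001, G0016) are real; the STIX object UUIDs, the procedure text and the many omitted fields are this example's simplifications.

```python
import json

# Constructed, heavily trimmed STIX 2.1 bundle in the shape of the ATT&CK
# knowledge base published at github.com/mitre-attack/attack-stix-data.
# The ATT&CK IDs and names (TA0002, T1059, T1059.001, G0016) are real; the
# STIX UUIDs, the procedure text and the omitted fields are simplifications.
BUNDLE_JSON = r"""{
 "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
 "objects": [
  {"type": "x-mitre-tactic", "id": "x-mitre-tactic--aaaaaaaa-0000-4000-8000-000000000001",
   "name": "Execution", "x_mitre_shortname": "execution",
   "external_references": [{"source_name": "mitre-attack", "external_id": "TA0002"}]},
  {"type": "attack-pattern", "id": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000001",
   "name": "Command and Scripting Interpreter", "x_mitre_is_subtechnique": false,
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
   "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
  {"type": "attack-pattern", "id": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000002",
   "name": "PowerShell", "x_mitre_is_subtechnique": true,
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
   "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}]},
  {"type": "intrusion-set", "id": "intrusion-set--cccccccc-0000-4000-8000-000000000001",
   "name": "APT29",
   "external_references": [{"source_name": "mitre-attack", "external_id": "G0016"}]},
  {"type": "relationship", "id": "relationship--dddddddd-0000-4000-8000-000000000001",
   "relationship_type": "subtechnique-of",
   "source_ref": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000002",
   "target_ref": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000001"},
  {"type": "relationship", "id": "relationship--dddddddd-0000-4000-8000-000000000002",
   "relationship_type": "uses", "source_ref": "intrusion-set--cccccccc-0000-4000-8000-000000000001",
   "target_ref": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000002",
   "description": "Constructed procedure text: ran an encoded PowerShell command to stage a loader."}
 ]
}"""


def attack_id(obj):
    """ATT&CK ID (TA0002, T1059, G0016, ...) from a STIX object's external_references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None


def build_index(bundle_text):
    """Map ATT&CK technique ID -> {name, tactics, is_subtechnique, parent, procedures}.

    Resolves the three linkages of the ATT&CK data model: kill_chain_phases
    (technique -> tactic), 'subtechnique-of' relationships (sub-technique ->
    parent) and 'uses' relationships (group/software -> technique), whose
    description is the procedure example shown on the technique page.
    """
    objs = {o["id"]: o for o in json.loads(bundle_text)["objects"]}
    # kill_chain_phases refer to tactics by x_mitre_shortname, not by name or ID
    tactics = {o["x_mitre_shortname"]: o["name"]
               for o in objs.values() if o["type"] == "x-mitre-tactic"}

    by_stix = {}
    for o in objs.values():
        # revoked/deprecated techniques stay in the dataset; skip them as the site does
        if o["type"] != "attack-pattern" or o.get("revoked") or o.get("x_mitre_deprecated"):
            continue
        by_stix[o["id"]] = {
            "id": attack_id(o), "name": o["name"],
            "is_subtechnique": bool(o.get("x_mitre_is_subtechnique", False)),
            "parent": None, "procedures": [],
            "tactics": [tactics[p["phase_name"]] for p in o.get("kill_chain_phases", [])
                        if p["kill_chain_name"] == "mitre-attack"],
        }

    for o in objs.values():
        if o["type"] != "relationship":
            continue
        src, dst = o["source_ref"], o["target_ref"]
        if o["relationship_type"] == "subtechnique-of" and src in by_stix and dst in by_stix:
            by_stix[src]["parent"] = by_stix[dst]["id"]
        elif o["relationship_type"] == "uses" and dst in by_stix:
            actor = objs.get(src, {})  # intrusion-set, malware or tool in the real data
            by_stix[dst]["procedures"].append(
                {"actor": f"{attack_id(actor)} {actor.get('name', '?')}",
                 "description": o.get("description", "")})
    return {t["id"]: t for t in by_stix.values()}


def describe(index, technique_id):
    """Render one technique the way its ATT&CK page is organised."""
    t = index[technique_id]
    kind = f"sub-technique of {t['parent']}" if t["is_subtechnique"] else "technique"
    out = [f"{t['id']} {t['name']} ({kind}; tactics: {', '.join(t['tactics'])})"]
    out += [f"  Procedure example, {p['actor']}: {p['description']}" for p in t["procedures"]]
    return "\n".join(out)


if __name__ == "__main__":
    index = build_index(BUNDLE_JSON)
    for tid in sorted(index):
        print(describe(index, tid))
```

To run this over the real knowledge base, replace BUNDLE_JSON with the contents of the enterprise-attack JSON file from the attack-stix-data repository; the same three linkages hold there, with "uses" relationships also originating from malware and tool objects (S-IDs), and techniques that span several tactics simply carry several kill_chain_phases entries.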
REFERENCES:
• https://attack.mitre.org/
• https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#:~:text=It%20was%20established%20to%20provide,groups%20use%20against%20enterprise%20businesses.
