What is MITRE ATT&CK and How Can it Be Used Effectively?

According to Cybercrime Magazine, cybercrime will cost the world $10.5 trillion annually by the end of 2025. Preparedness is therefore a pressing need, and as a step towards it, in 2015 MITRE, a U.S. government-funded non-profit organization that is also associated with many top-secret and commercial projects for numerous agencies, made ATT&CK (which stands for Adversarial Tactics, Techniques, and Common Knowledge) available to the public as an open-source knowledge base. So, what is MITRE ATT&CK, and how does it impact us? Let's dive in.

What Does MITRE ATT&CK Mean?

MITRE, the non-profit public interest company that created ATT&CK, wanted to make the virtual world safer. To that end, ATT&CK is a knowledge base that serves as the starting point for developing threat models and methodologies in many sectors.

What is MITRE ATT&CK, and How is it Useful?

MITRE ATT&CK is a knowledge base of adversary tactics and techniques built from real-world observations. It presents cyber attackers' behaviors and patterns as a structured list, organized into matrices of tactics and techniques. Organizations therefore use it, both offensively and defensively, to address their system security vulnerabilities.

MITRE has divided ATT&CK into three matrices: Enterprise, Mobile, and ICS.

To better understand how it works, we need to look at what MITRE ATT&CK tactics and techniques are.

What are MITRE ATT&CK Techniques and Tactics?

A tactic here refers to what the attackers are trying to achieve, and a technique is how they achieve that goal. It may be a single step or a combination of several steps that completes the attacker's mission. Each tactic lists the various techniques an attacker may use, depending on numerous variable factors.

As an example, a total of 14 tactics are cataloged in the Enterprise Matrix:

  1. Reconnaissance covers techniques by which adversaries actively or passively collect information about a target
  2. Resource development covers techniques by which attackers create, purchase, or compromise/steal resources that can later be used to support targeting
  3. Initial access consists of the various techniques used to gain initial entry into the targeted company's network
  4. Execution means the adversary is running malicious code on your systems, locally or remotely
  5. Persistence is about maintaining a foothold in your systems and not losing access
  6. Privilege escalation means the attackers use techniques to gain higher-level access by leveraging your vulnerabilities
  7. Defense evasion is where adversaries avoid being detected throughout their compromise
  8. Credential access is when an attacker steals account credentials for their own use
  9. Discovery is when the adversary tries to work out how your internal network operates
  10. Lateral movement refers to techniques attackers use to access and control remote systems on a network
  11. Collection refers to the techniques adversaries employ to gather information that is useful for their aims, and the sources that information is gathered from
  12. Command and control refers to techniques by which adversaries communicate with and control compromised systems
  13. Exfiltration refers to the theft of data from the compromised system
  14. Impact is where the manipulation, interruption, or destruction of your systems and data is carried out

Similarly, the Mobile matrix has 13 tactics and the ICS matrix 12.
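As an added example (not code from the article or from MITRE), here is a small Python routine a defender might use to roll up ATT&CK-mapped detection rules into the 14 Enterprise tactics listed above and report the tactics with no coverage at all. The technique IDs are real ATT&CK Enterprise IDs placed under the tactics ATT&CK lists them in; the detection rule names and their mappings are constructed for the example.

```python
# Added example, not code from the article or from MITRE. Technique IDs are
# real ATT&CK Enterprise IDs placed under the tactics ATT&CK lists them in;
# the detection rule names and their mappings are constructed.
from collections import defaultdict

# The 14 Enterprise tactics, in the order the article lists them.
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration", "Impact",
]

# Subset of the Enterprise matrix: technique ID -> tactics it appears under.
# One technique can sit under several tactics (see T1547 and T1078).
TECHNIQUE_TACTICS = {
    "T1566": ["Initial Access"],            # Phishing
    "T1059": ["Execution"],                 # Command and Scripting Interpreter
    "T1547": ["Persistence", "Privilege Escalation"],  # Boot/Logon Autostart
    "T1078": ["Defense Evasion", "Persistence",
              "Privilege Escalation", "Initial Access"],  # Valid Accounts
    "T1003": ["Credential Access"],         # OS Credential Dumping
    "T1021": ["Lateral Movement"],          # Remote Services
    "T1005": ["Collection"],                # Data from Local System
    "T1071": ["Command and Control"],       # Application Layer Protocol
    "T1041": ["Exfiltration"],              # Exfiltration Over C2 Channel
    "T1486": ["Impact"],                    # Data Encrypted for Impact
}

# Constructed detection rules: rule name -> technique IDs it is mapped to.
DETECTION_RULES = {
    "phishing-attachment-macro": ["T1566", "T1059"],
    "lsass-memory-access": ["T1003"],
    "new-run-key-autostart": ["T1547"],
    "psexec-service-install": ["T1021"],
    "ransomware-mass-rename": ["T1486"],
}

def coverage_by_tactic(rules, mapping=TECHNIQUE_TACTICS):
    """Map every tactic to the sorted technique IDs that some rule covers."""
    covered = defaultdict(set)
    for technique_ids in rules.values():
        for tid in technique_ids:
            for tactic in mapping.get(tid, []):  # IDs not in the map are skipped
                covered[tactic].add(tid)
    return {tactic: sorted(covered[tactic]) for tactic in TACTICS}

def uncovered_tactics(rules, mapping=TECHNIQUE_TACTICS):
    """Tactics with no mapped detection at all, in kill-chain order."""
    return [t for t, ids in coverage_by_tactic(rules, mapping).items() if not ids]
```

A rule mapped to a multi-tactic technique such as T1547 counts towards every tactic it appears under, which is why the roll-up is done per tactic rather than per rule.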

What Does MITRE Stand for?

Contrary to common misconception, MITRE is not an acronym. It has often been taken to stand for the Massachusetts Institute of Technology Research and Engineering. However, James McCormack, an early MITRE board member, clarified that he wanted the name to mean nothing and merely sound evocative.

Now that you have a basic understanding of what MITRE ATT&CK is and what it contributes to a safer virtual world, you may want to learn more about cybersecurity. For that, you can explore Emeritus' rich repository of online cybersecurity courses and join the effort to keep the virtual world safer.

By Siddhesh Shinde

Write to us at content@emeritus.org
