MITRE and its MITRE ATT&CK framework

Iñigo Ladrón Morales

In the daily and continuous work of fighting cyber threats and raising the level of cybersecurity, MITRE and its MITRE ATT&CK framework form another framework for action, one that proposes a series of effective tactics, techniques, tools and methodologies.

MITRE is a non-profit organization that solves problems of all kinds through technology. In the field of cybersecurity, MITRE provides tools and frameworks that help defend against cyber threats.

MITRE is an acronym for "Massachusetts Institute of Technology Research and Engineering", which is none other than the organization behind it, created in 1958 and funded by NIST (National Institute of Standards and Technology).

MITRE ATT&CK, for its part, stands for "Adversarial Tactics, Techniques, and Common Knowledge". It is MITRE's cybersecurity framework, and it focuses on what are known as the tactics and techniques used by cybercriminals.

The term "ATT&CK" reads as ATTACK, referring precisely to those tactics and techniques used by cybercriminals:

  • The tactics refer to the general objectives of a cyber attack.
  • The techniques describe the specific actions cybercriminals use to achieve those objectives.

That is why MITRE ATT&CK serves as an invaluable guide to understanding how cybercriminals operate and to learning how to defend against them. To that end, the framework provides a detailed structure that helps organizations evaluate and improve their cybersecurity posture.

And how does it work? MITRE ATT&CK breaks cyber attacks down into the tactics and techniques attackers use, and organizes these into a matrix that lets organizations understand how cyber attacks are carried out and how to defend against them.

With this matrix as a reference, MITRE ATT&CK is used as a guide to evaluate the organization's cybersecurity posture and identify possible areas for improvement. Organizations can use the framework to develop more effective defense strategies and improve their resilience against cyberattacks.

So, is MITRE the same as MITRE ATT&CK? No, it is not, although the two are obviously closely related.

  • MITRE is the organization that developed MITRE ATT&CK; its research and development activities cover a wide range of areas, of various types and natures, well beyond cybersecurity.
  • MITRE ATT&CK, however, focuses specifically on cybersecurity, providing a framework for understanding cybercriminals and how they operate, as well as guidance on defending against their cyber threats.

MITRE ATT&CK provides specific matrices for different areas of operation:

  • Enterprise.
  • Mobile.
  • Industrial Control Systems (ICS).

These matrices are designed to address the tactics and techniques used in each of these specific environments (business, mobility and industrial).

As we said, MITRE ATT&CK tactics are the generic objectives pursued in a cyberattack. These tactics break down and describe the objectives a cybercriminal will try to achieve during a cyberattack.

The objectives that make up the tactics are as follows:

  • Initial Access.
  • Execution.
  • Privilege Escalation.
  • Code Execution.
  • Persistence.
  • Defense Evasion.
  • Credential Access.
  • Discovery.
  • Lateral Movement.
  • Collection.
  • Data Exfiltration.
  • Impact.

In turn, techniques are the specific actions cybercriminals carry out to achieve their tactical objectives. These techniques describe how cybercriminals carry out their cyberattacks and therefore provide detailed, enormously valuable information about their possible actions.

Some of the actions that make up the techniques (of which there are more than 300) are as follows:

  • Phishing.
  • Command and Control.
  • Credential Dump.
  • SQL injection.
  • Vulnerability Exploitation.
  • Exploitation for Client Execution.
  • Remote Desktop Protocol.
  • Using remote administration tools.

ATT&CK Navigator, for its part, is a web tool for navigating and working with the ATT&CK matrices. It can be used to display defensive coverage, Red Team and Blue Team planning, the frequency of detected techniques and other parameters.
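The matrix-based coverage assessment described above (mapping detection rules onto tactics and techniques, spotting the tactics with no coverage, and exporting the result as a Navigator layer) as an added Python example; this is not code from the original post or from MITRE. The matrix is an abbreviated subset of the Enterprise matrix using public ATT&CK technique IDs, the detection rules and alerts are constructed sample data, and the Navigator layer fields are assumed to match the layer format of the Navigator instance in use.

```python
import json
from collections import Counter

# Constructed subset of the Enterprise matrix: tactic -> {technique ID: technique name}.
# Technique IDs are public ATT&CK identifiers; the matrix is deliberately abbreviated.
MATRIX = {
    "Initial Access": {"T1566": "Phishing", "T1190": "Exploit Public-Facing Application"},
    "Execution": {"T1203": "Exploitation for Client Execution"},
    "Credential Access": {"T1003": "OS Credential Dumping"},
    "Lateral Movement": {"T1021.001": "Remote Desktop Protocol"},
    "Command and Control": {"T1219": "Remote Access Software"},
}
# Constructed sample: each SIEM detection rule is tagged with the technique it covers.
DETECTION_RULES = {
    "email_attachment_with_macro": "T1566",
    "lsass_memory_read_by_non_system_process": "T1003",
    "rdp_logon_from_workstation_to_server": "T1021.001",
}
# Constructed sample: technique IDs attached to the alerts that fired this period.
ALERTS = ["T1566", "T1566", "T1003", "T1566", "T1021.001"]


def coverage_by_tactic(matrix, rules):
    """Return {tactic: (techniques with at least one rule, techniques in the tactic)}."""
    covered = set(rules.values())
    return {tactic: (len(techs.keys() & covered), len(techs)) for tactic, techs in matrix.items()}


def coverage_gaps(matrix, rules):
    """Tactics for which no technique has any detection rule: the areas to improve first."""
    return [tactic for tactic, (hit, _) in coverage_by_tactic(matrix, rules).items() if hit == 0]


def navigator_layer(name, matrix, rules, alerts):
    """Build an ATT&CK Navigator layer: score = alert count, colour = covered or not."""
    covered = set(rules.values())
    counts = Counter(alerts)
    techniques = []
    for tactic, techs in matrix.items():
        for tid, tname in techs.items():
            techniques.append({
                "techniqueID": tid,
                "tactic": tactic.lower().replace(" ", "-"),  # Navigator's tactic slug form
                "score": counts.get(tid, 0),
                "color": "#31a354" if tid in covered else "#de2d26",
                "comment": f"{tname}: {'covered' if tid in covered else 'NO detection rule'}",
            })
    return {"name": name, "domain": "enterprise-attack",
            "versions": {"layer": "4.5"},  # adjust to the format your Navigator accepts
            "techniques": techniques}
```

Write `json.dumps(navigator_layer(...))` to a file and load it in Navigator with "Open Existing Layer" to see covered techniques in green, uncovered ones in red, and alert frequency as the score.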

Cyber threat modeling is an essential part of a proactive approach to cybersecurity, and in that regard the MITRE ATT&CK framework is an invaluable tool that organizations can use, alongside cyber threat modeling, to identify the potential attack vectors and tactics used by cyber threat actors.

In short, MITRE and its MITRE ATT&CK framework are enormously important resources for "knowing how to fight appropriately" against cyber threats and cybercriminals.

To that end, they provide a structure that allows you to understand how cybercrime operates and to defend against it. Using this framework improves risk mitigation in companies.

If you want to know more details you can consult:

Could MITRE ATT&CK be useful in your company? We can help you. Shall we talk? Zerolynx.

Consult all Zerolynx cyber security and cyber intelligence services .

Or, if you prefer, do not hesitate to contact us .


Iñigo Ladrón Morales, Content Editor for Zerolynx.
