October 31, 2023
Enterprise’s New(ish) Frontier
Since its inception, ATT&CK has been dynamic, designed to catalog, categorize, and adapt to real-world adversary behaviors that primarily involve direct interaction with devices, systems, and networks. Over the past decade, this adaptability and focus has empowered defenders through consistent, threat-informed resources. As adversaries continually evolve their exploitation of human vulnerabilities, ATT&CK has expanded its scope with this release, encompassing more activities that are adjacent to, yet lead to direct network interactions or impacts. The increased range incorporates deceptive practices and social engineering techniques that may not have a direct technical component, including Financial Theft ( channel.
Reeling in Mobile Threats with Phishing & Structured Detections
With Enterprise increasing its scope a bit, Mobile has also expanded its coverage to include Phishing (Phishing:T1660), which encompasses phishing attempts through vectors including SMS messaging (“smishing”), Quick Response (QR) codes (“quishing”), and phone calls (“vishing”). Mobile Phishing features a new mitigation (M1058: Antivirus/Antimalware), to enhance anti-virus and malware defenses. Also introduced with this release, Mobile structured detections. This allows you to explicitly see the required inputs (Data Sources) for each detection, along with how to analyze the data to identify a specific Technique (detection). Structured detections are part of the ongoing endeavor to bring Mobile to parity with Enterprise.
Next up? Refining existing mitigations and working with the Mobile security community to identify new content. Get involved at #mobile_attack.
Enhancing Your Website Navigation Experience
We’ve refined the navigation bar of the ATT&CK website, streamlining its structure and content to enhance the user experience and overall ease of navigation. Over time, our navigation bar accumulated a lot of ‘stuff’, and we hope this update strikes a balance between necessary links and user needs. The updated navigation bar features a single dynamic menu display, with access to secondary links (most previously featured on the primary bar) in associated dropdown menus:
Love it? Hate it? Let us know.
Looking Forward
We want to extend our deepest gratitude to the heroes of this release — our dedicated contributors. Your relentless commitment to enhancing collective defenses are the true magic behind ATT&CK. As 2023 draws to its end, let’s keep the collaboration alive, because together, we’ll continue to ward off the threats that go bump in the night. Stay vigilant, stay curious, and stay safe — and remember, with ATT&CK, every day is a day to keep adversaries at bay.
As always, connect with us on email, Twitter, or Slack.
©2023 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22–00745–2.
ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections was originally published in MITRE ATT&CK® on Medium, where people are continuing the conversation by highlighting and responding to this story.
Article posted by: https://medium.com/mitre-attack/attack-v14-fa473603f86b
——————————————————————————————————————–
Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 Maharashtra, India
Contact us – https://www.infocerts.com
This is the article generated by feed coming from medium.com and Infocerts is only displaying the content.
