2nd Edition

Tracking the trends and news for IT and IT Security

Paul Davis

ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections

ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections>
Medium – Amy L. Robertson
The ATT&CK framework has released version 14, which includes several updates and enhancements.
Here is a summary of the key points:
– The release introduces a more robust and finely-tuned knowledge base, with enhanced detection guidance for various techniques.
– The focus of this release was on Lateral Movement techniques, which now feature over 75 BZAR-based analytics.
BZAR allows defenders to detect and analyze network traffic for signs of adversary behavior based on the ATT&CK framework.
– Relationships between detections, data sources, and mitigations have been improved in this release.
The technique alignments to data sources and mitigations now better reflect effective defensive measures.
– The scope of ATT&CK has expanded to include activities adjacent to direct network interactions or impacts.
This includes deceptive practices and social engineering techniques such as Financial Theft, Impersonation, and Spearphishing Voice.
– Assets have been introduced in the ICS domain, with 14 inaugural Assets representing primary functional components of system associated with ICS.
These Assets provide in-depth definitions, mappings to techniques, and related Assets.
– Mobile coverage has also expanded to include Phishing, including SMS messaging, QR codes, and phone calls.
Mobile structured detections have been introduced, allowing users to see required inputs and analyze data to identify specific Techniques.
– The navigation bar of the ATT&CK website has been refined to enhance the user experience and ease of navigation.
– The release notes and changelogs provide detailed information about all the updates and additions.
– The ATT&CK team expresses gratitude to the contributors for their dedication in enhancing collective defenses.
Overall, the release focuses on improving detection capabilities, expanding scope, refining assets, and enhancing the user experience.
Link: https://medium.com/mitre-attack/attack-v14-fa473603f86b

Categories:

Tags: