Top 10 most used MITRE ATT&CK tactics and techniques

Which tactics and techniques are cyber attackers favoring? vFeed has compiled a list of the Top 10 Most Used MITRE ATT&CK Tactics and Techniques to help security teams focus their defenses more effectively.


MITRE ATT&CK helps understand attacker behavior

The MITRE ATT&CK framework is a well-known and widely used knowledge base of cyber adversary tactics, techniques and procedures, and is based on observations of real-world attacks.

The framework applies to the following technologies:

  • Enterprise IT systems: Windows, macOS, and Linux
  • Cloud systems: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Software-as-a-Service (SaaS), Office 365, and Azure Active Directory (Azure AD)
  • Mobile devices: Android and iOS

MITRE ATT&CK can be used to develop threat models, emulate adversaries, help security operations, improve organizational security, verify defenses, develop security architecture, and so on.

What are the most used MITRE ATT&CK tactics and techniques?

vFeed, a security outfit that collects and correlates hundreds of data sources to provide an actionable vulnerability and threat intelligence feed, has compiled the list of the tactics and techniques cyber attackers are lately most partial to:

[Image: most used ATT&CK tactics]

The list shows that the most used tactic is Defense Evasion, which means that companies should focus on hardening and patching their infrastructure, notes NJ Ouchn, founder of vFeed.

“We’ve mapped the relationship between this list and the list of the Top 10 most exploited vulnerabilities from 2020 and it shows that 70% of the latter have a connection with this ATT&CK list, which confirms the value of this advice.”

The ATT&CK list also shows that Windows is the most attacked platform and that file system access controls and system access controls were the most bypassed defense controls, a finding that supports the need for system hardening.
