MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on real-world observations.
Version ten comes with new Data Source objects, new and changed techniques in its various matrices, key changes to facilitate hunting in ICS environments, and more.
MITRE ATT&CK v10
The most prominent change in this newest version of the framework is new objects with aggregated information about data sources.
“The data source object features the name of the data source as well as key details and metadata, including an ID, a definition, where it can be collected (collection layer), what platform(s) it can be found on, and the data components highlighting relevant values/properties that comprise the data source,” MITRE ATT&CK Content Lead Amy L. Robertson and cybersecurity engineers Alexia Crumpton and Chris Ante explained.
“These data sources are available for all platforms of Enterprise ATT&CK, including our newest additions that cover OSINT-related data sources mapped to PRE platform techniques.”
“v10 also includes cross-domain mappings of Enterprise techniques to software that were previously only represented in the ICS Matrix, including Stuxnet, Industroyer, and several others. The fact that adversaries don’t respect theoretical boundaries is something we’ve consistently emphasized, and we think it’s crucial to feature Enterprise-centric mappings for more comprehensive coverage of all the behaviors exhibited by the software,” they added.
The complete release notes for MITRE ATT&CK v10 can be found here.
About MITRE ATT&CK
There are several ways it can be used to improve organizational security, and MITRE has recently released an open source tool that allows organizations to customize their local instance of the MITRE ATT&CK database of cyber adversary behavior, as well as share their particular insights with other organizations.
CISA, the Homeland Security Systems Engineering and Development Institute (HSSEDI) and MITRE have also released best practices for cyber threat intelligence analysts to make better use of the framework-
MITRE’s ATT&CK can also be used in conjuntion with D3FEND, a knowledge base of defensive countermeasures for common offensive techniques.