In our first blog post, we explained what MITRE’s ATT&CK™ framework is and how it can assist with cyber security. In this blog post, we will have a closer look at how operationalizing MITRE ATT&CK with Cymulate’s BAS platform boosts organizations’ security posture.
In general, MITRE’s ATT&CK™ and Cymulate’s BAS platform are perfectly in sync, which is good news for organizations and bad news for cybercrooks. Cymulate operationalizing of MITRE ATT&CK includes all its matrix Tactics, Techniques, and Processes (TTPs). These TTPs are those an adversary would be deploying while trying to attack an organization, enabling it to assess the cyber security of an organization. This gives insight into the vulnerabilities and weak spots of the assessed organization. By showing how effective the simulated cyber-attacks are, the targeted organization can boost its preparedness for cyber-attacks before they will take place in real life.
Let’s have a closer look at some of the attack methods and strategies that malicious hackers and cyber criminals use as they are detailed in the ATT&CK™ matrix that aligns with Cymulate’s BAS platform’s capabilities:
- To gain initial access, attackers would use various techniques, such as drive-by attacks, exploiting public-facing applications, spear phishing, including attachments, links, etc.
- For execution, the attackers use techniques that result in them having control over the malicious code on a local or remote system. This tactic is often used in combination with the initial access strategies mentioned above for executing the malicious code once access is obtained, and lateral movement to expand access to remote systems on a network.
- Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures.
- Privilege escalation is the result of actions that allow hackers to get a higher level of permission on a system or network. Once those hackers have access, they can take advantage of system weaknesses to obtain e.g., local administrator or SYSTEM/root level privileges.
- Defense evasion consists of techniques that hackers use to avoid detection or defenses during all phases of their attack.
- Credential access consists of hackers using system, domain, or service credentials to assume the identity of an account to avoid detection and defenses and to create accounts for later use within the environment.
- Discovery allows hackers to gain knowledge about the system and internal network. The operating system provides many native tools that help hackers to gather usable information, e.g., stealing sensitive or financial information.
- Lateral movement enables a hacker to access and control remote systems on a network, which also allows for gathering information without needing e.g., remote access tools.
- Collection allows for identifying and gathering e.g., sensitive files from the target network prior to exfiltration.
- Exfiltration enables or helps hackers to remove files and information from the compromised network.
- Command & control allows hackers to communicate with systems under their control within the compromised network.
To recap, Cymulate is the only BAS platform vendor that provides a comprehensive drill-down of MITRE’s ATT&CK™ framework. This enables the cybersecurity, IT, and red teams of an organization to execute the different methods automatically, followed by a high-level overview of the total risk score based on the results.
For a full overview of MITRE’S ATT&CK™ Matrix, click here.
To learn more about Cymulate’s BAS platform, click here.
Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of Cymulate’s platform.