Dec 10, 2022 By Priyanka Tomar

MITRE ATT&CK Framework Part 2 | ATT&CK Tactics

The MITRE ATT&CK framework comes in three versions, one per domain:

  • ATT&CK for Enterprise: Windows, macOS, Linux and cloud environments.
  • ATT&CK for Mobile: iOS and Android environments.
  • ATT&CK for ICS: focuses on adversary behaviour while operating inside an industrial control system (ICS) network.

MITRE ATT&CK tactics are the adversary's goals during an attack; a tactic represents the underlying motive (the "why") behind an ATT&CK technique:

  • Reconnaissance (Enterprise, ICS): a pre-attack phase. The adversary gathers information by active or passive means so they can plan how to penetrate the network.
  • Resource Development (Enterprise, ICS): the adversary establishes resources, actions, strategies, etc. that can be used in later stages to support the operation.
  • Initial Access: the adversary tries to get into the network.
  • Execution: the adversary tries to run malicious code.
  • Persistence: the adversary tries to maintain their foothold in the network.
  • Privilege Escalation: the adversary tries to obtain higher privileges by exploiting an existing weakness or vulnerability.
  • Defense Evasion: the adversary tries to avoid detection, for example by using trusted processes to hide malware.
  • Credential Access (Enterprise, Mobile): the adversary tries to obtain usernames and passwords.
  • Discovery: the adversary tries to learn about the environment, infrastructure, etc. in order to plan further attacks.
  • Lateral Movement: the adversary moves through the environment, pivoting across multiple systems with legitimate credentials.
  • Collection: the adversary gathers data of interest according to the attack objective.
  • Command & Control: the adversary communicates with compromised systems in order to control them.
  • Exfiltration (Enterprise, Mobile): the adversary steals the gathered data.
  • Impact: the adversary changes, interrupts or destroys systems and data.
  • Network Effects (Mobile only): the adversary tries to intercept or manipulate network traffic.
  • Inhibit Response Function (ICS only): the adversary uses techniques to hinder the safeguards put in place for processes and products.
  • Impair Process Control (ICS only): the adversary tries to manipulate, disable or damage physical control processes.
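The tactic-to-technique relationship described above is exactly how ATT&CK encodes its data: each technique is an STIX `attack-pattern` object whose `kill_chain_phases` name the domain (`mitre-attack`, `mitre-mobile-attack` or `mitre-ics-attack`) and the tactic (`phase_name`, e.g. `defense-evasion`), and one technique can sit under several tactics. The following Python is an added example, not code from the original post or from MITRE; the objects in `SAMPLE_OBJECTS` are constructed placeholders in ATT&CK's STIX shape (IDs such as `T9001` are invented and do not exist in ATT&CK), and the `detected_ids` list stands in for a hypothetical detection inventory. It groups techniques by domain and tactic, skips retired objects (`revoked` / `x_mitre_deprecated`), and reports per-tactic detection coverage, which is the defender's usual reason for caring about tactics.

```python
"""Group ATT&CK-style STIX techniques by domain and tactic, then score coverage.

Added example with constructed sample data; technique IDs are placeholders.
"""
from collections import defaultdict

# kill_chain_name values ATT&CK uses for its three domains
DOMAIN_BY_KILL_CHAIN = {
    "mitre-attack": "enterprise",
    "mitre-mobile-attack": "mobile",
    "mitre-ics-attack": "ics",
}

# Constructed objects mirroring ATT&CK's STIX layout; IDs and names are invented.
SAMPLE_OBJECTS = [
    {"type": "attack-pattern", "name": "Placeholder phishing technique",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9001"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
    {"type": "attack-pattern", "name": "Placeholder scheduled task technique",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9002"}],
     # a single technique may serve two tactics; ATT&CK lists it under both
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}]},
    {"type": "attack-pattern", "name": "Placeholder process injection technique",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9003"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}]},
    {"type": "attack-pattern", "name": "Placeholder retired technique", "revoked": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9004"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    {"type": "attack-pattern", "name": "Placeholder mobile traffic technique",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9101"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-mobile-attack", "phase_name": "network-effects"}]},
    {"type": "attack-pattern", "name": "Placeholder ICS alarm suppression technique",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9201"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-ics-attack",
                            "phase_name": "inhibit-response-function"}]},
    # tactic objects also live in the bundle; they are not techniques and are ignored here
    {"type": "x-mitre-tactic", "name": "Initial Access", "x_mitre_shortname": "initial-access"},
]


def technique_id(obj):
    """Return the ATT&CK ID (T####) from an object's external references, or None."""
    for ref in obj.get("external_references", []):
        # assumption: the ATT&CK reference's source_name starts with "mitre-"
        if ref.get("source_name", "").startswith("mitre-") and "external_id" in ref:
            return ref["external_id"]
    return None


def is_active(obj):
    """ATT&CK keeps retired objects in the bundle; skip revoked or deprecated ones."""
    return not (obj.get("revoked") or obj.get("x_mitre_deprecated"))


def index_by_tactic(objects):
    """Build {domain: {tactic: set(technique IDs)}} from attack-pattern objects."""
    index = defaultdict(lambda: defaultdict(set))
    for obj in objects:
        if obj.get("type") != "attack-pattern" or not is_active(obj):
            continue
        tid = technique_id(obj)
        if tid is None:
            continue
        for phase in obj.get("kill_chain_phases", []):
            domain = DOMAIN_BY_KILL_CHAIN.get(phase.get("kill_chain_name"))
            if domain is None:
                continue  # some other kill chain vocabulary; not an ATT&CK tactic
            index[domain][phase["phase_name"]].add(tid)
    return {domain: dict(tactics) for domain, tactics in index.items()}


def tactic_coverage(index, domain, detected_ids):
    """Per tactic in one domain: (techniques with a detection, techniques in total)."""
    detected = set(detected_ids)
    return {tactic: (len(ids & detected), len(ids))
            for tactic, ids in sorted(index.get(domain, {}).items())}


if __name__ == "__main__":
    idx = index_by_tactic(SAMPLE_OBJECTS)
    # constructed list of technique IDs a hypothetical detection set covers
    for tactic, (covered, total) in tactic_coverage(idx, "enterprise", ["T9001", "T9002"]).items():
        print(f"{tactic:22s} {covered}/{total}")
```

Because `T9002` appears under both Persistence and Privilege Escalation, one detection for it raises coverage for two tactics; conversely the revoked `T9004` never creates an Execution bucket at all, so an empty tactic in the report means "no active techniques indexed", not "zero coverage".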

Reference: MITRE ATT&CK