MITRE ATT&CK is a universal catalog of adversary behaviors that organizes the tactics, techniques, and sub-techniques cyberattackers use to attack organizations. The framework also documents procedures, the specific implementation methods observed during real attacks.
The MITRE ATT&CK framework is unique because it evolves continuously through observations of real-world attacks, which keeps it relevant to the current threat landscape. This means cybersecurity experts like you and me can submit new tactics, techniques, use cases, and examples we've observed, and contribute to MITRE ATT&CK!
The MITRE ATT&CK framework serves as a repository that organizations around the world use to understand the modus operandi of cyberattackers and the various tactics they might employ. It also describes mitigation strategies that organizations can adopt against each tactic.
Tactics
The MITRE ATT&CK framework breaks down an attack into several stages known as "tactics".
These tactics help us understand why the attacker carries out a particular activity during an attack.
For example, "reconnaissance" is a tactic performed to gather information about the victim organization.
As of June 2021, there were 14 tactics in the MITRE ATT&CK framework.
Techniques
The various methods involved in achieving a tactic are known as "techniques".
Having a clear understanding of the different techniques employed by attackers is essential to coming up with an effective cybersecurity strategy to mitigate attacks.
For example, "Search Open Websites/Domains" is one of the many techniques that can be used to perform reconnaissance on a target organization and its employees. It involves gathering information about employees from their social media accounts and compromising email accounts.
Please note that a given cyberattack may or may not involve every tactic and technique in the MITRE ATT&CK framework.