Insights from MITRE ATT&CK ATTACKcon 4.0

Author: Michael Bridgeman
Consultant Managed Operational Security @Quistor
Introduction
As cybersecurity enthusiasts, the Quistor Managed Operational Security (MOS) team recently had the privilege of attending MITRE ATT&CKcon, a cybersecurity convention hosted by MITRE ATT&CK to discuss the latest cyber-attacks, threats, and the future of the industry. Since 2013, MITRE has maintained a globally accessible knowledge base, the ATT&CK Framework, of the tactics and techniques used by attackers in real-world incidents. Cybersecurity professionals use this knowledge base to build threat models and methodologies for preventing future attacks. Because of MITRE's contributions to the industry, the event has become a cornerstone for professionals seeking to deepen their understanding of adversarial tactics and techniques.
Unveiling the Latest Threat Landscape
The conference started with an insightful overview of the current threat landscape by the keynote speaker Runa Sandvik. Drawing on her experience as the founder of Granitt, her time on the Tor Project, and her research into the hacking of smart rifles, Sandvik provided a deep first-hand account of the current and emerging threats that attackers pose to the public and private sectors.
What we found remarkably interesting was Sandvik's research into the hacking of smart rifles. The rifles, developed by TrackingPoint, are equipped with an aiming computer that enables a novice to hit distant targets that would otherwise require an expert shooter. Sandvik demonstrated that these rifles, which run an embedded Linux computer and expose a Wi-Fi interface, could be compromised over that Wi-Fi link to gain access to the computer and alter the settings the aiming system relies on, so that the rifle always misses its target, or even to remove the aiming software altogether, rendering it unusable.
Deep Dive into the ATT&CK Framework
One of the highlights of the conference was the in-depth exploration of the latest changes made to the ATT&CK Framework. Since ATT&CKcon 3.0, over 100 new techniques have been added and over 500 existing techniques have been updated. The MOS team was treated to comprehensive sessions covering these updates to the Enterprise, Mobile, and Cloud matrices.
The future of the ATT&CK Framework was also discussed. MITRE plans to enrich its detection documentation with more notes and analytics to further assist in detecting malicious activity. In addition, MITRE plans to expand its coverage of the Linux platform to improve threat intelligence on Linux attack vectors, as Linux is often involved in intrusions yet remains a harder platform to gather intelligence on.
Real-world Case Studies
The conference featured fascinating real-world case studies presented by industry leaders and cybersecurity experts. These case studies provided a firsthand account of how organizations had faced and mitigated cyber threats using the ATT&CK Framework. For example, Tim Brown, a security research lead, spoke about a case involving credential stuffing. In credential stuffing, attackers take credentials stolen from one organization, usually in a data breach and later sold online, and use them to log in to another organization's systems. The issue was resolved by using the ATT&CK Framework to identify login-session and user-account detection methods that block logins attempted under suspicious circumstances. The MOS team gained valuable insights into effective incident response strategies, threat intelligence utilization, and the importance of continuous security awareness.
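To make the detection side of that case study concrete, here is an added Python example (not code from the conference talk, from MITRE, or from Quistor) that scans a few constructed authentication log lines and flags a source address that fails logins against many distinct accounts in a short window, the pattern credential stuffing produces (ATT&CK technique T1110.004), as opposed to repeated guesses against a single account. The log format, the thresholds, and the IP addresses are assumptions made for the example.

```python
"""Credential-stuffing detection over authentication logs (added example)."""
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample lines: "<timestamp> <source IP> <username> <FAIL|SUCCESS>".
# The format and the addresses are assumptions, not taken from any real system.
# 203.0.113.10 tries many different accounts once each (credential stuffing).
# 198.51.100.7 tries one account several times (single-account guessing).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 203.0.113.10 alice FAIL
2024-03-01T10:00:02Z 203.0.113.10 bob FAIL
2024-03-01T10:00:02Z 203.0.113.10 carol FAIL
2024-03-01T10:00:03Z 203.0.113.10 dave FAIL
2024-03-01T10:00:03Z 203.0.113.10 erin FAIL
2024-03-01T10:00:04Z 203.0.113.10 frank FAIL
2024-03-01T10:00:05Z 203.0.113.10 grace SUCCESS
2024-03-01T10:05:00Z 198.51.100.7 alice FAIL
2024-03-01T10:05:30Z 198.51.100.7 alice FAIL
2024-03-01T10:06:00Z 198.51.100.7 alice SUCCESS
2024-03-01T10:10:00Z 192.0.2.44 heidi SUCCESS
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src_ip: str
    user: str
    success: bool


@dataclass
class Finding:
    src_ip: str
    first_seen: datetime           # moment the source crossed the threshold
    distinct_users: int            # distinct accounts with a failed login in the window
    successes_after_flag: list = field(default_factory=list)  # accounts to review


def parse_log(text: str) -> list:
    """Parse the assumed log format into AuthEvent records, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ip, user, outcome = line.split()
        events.append(AuthEvent(
            ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            src_ip=ip, user=user, success=(outcome == "SUCCESS")))
    return sorted(events, key=lambda e: e.ts)


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Flag sources that fail logins for >= min_distinct_users accounts within `window`.

    Keeps a sliding window of events per source IP. Once a source is flagged,
    any successful login from it while the window still holds failures is
    recorded, because that account may have been compromised with a valid
    stolen credential and deserves a session review or forced re-authentication.
    """
    windows = {}   # src_ip -> deque of events inside the sliding window
    findings = {}  # src_ip -> Finding
    for ev in events:
        q = windows.setdefault(ev.src_ip, deque())
        q.append(ev)
        while q and ev.ts - q[0].ts > window:
            q.popleft()
        failed_users = {e.user for e in q if not e.success}
        if ev.src_ip in findings:
            f = findings[ev.src_ip]
            f.distinct_users = max(f.distinct_users, len(failed_users))
            if ev.success and failed_users:
                f.successes_after_flag.append(ev.user)
        elif len(failed_users) >= min_distinct_users:
            findings[ev.src_ip] = Finding(ev.src_ip, ev.ts, len(failed_users))
    return findings


if __name__ == "__main__":
    for ip, f in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {f.distinct_users} accounts failed since {f.first_seen:%H:%M:%S}; "
              f"successful logins to review: {f.successes_after_flag}")
```

The distinct-account count is what separates this rule from an ordinary brute-force alert: 198.51.100.7 fails three times but only against one account, so it stays below the threshold, while 203.0.113.10 is flagged and its later success for "grace" is surfaced for review. In production the same aggregation would typically key on a wider set of signals (ASN, user agent, geography) and feed the login-session and account controls the case study mentions.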

Networking Opportunities
Beyond the structured sessions, the conference offered ample networking opportunities. Members of the MOS team had the chance to connect with like-minded members of the cybersecurity industry at every level, to share experiences, and to exchange ideas. The collaborative atmosphere created a sense of community, emphasizing the collective effort required to tackle the dynamic challenges posed by cyber threats.
Practical Application of the ATT&CK framework
Through case studies and firsthand accounts of cyber incidents and research, the conference highlighted the practical application of the ATT&CK framework, demonstrating its effectiveness in enhancing threat detection, incident response, and overall cybersecurity posture.
Dynamic Defence is Crucial
Although this is well known, ATT&CKcon further emphasized that the cybersecurity landscape is constantly changing as new technologies are introduced, requiring organizations to adopt dynamic defence strategies that can adapt to emerging threats.
Conclusion
The MOS team's experience at MITRE ATT&CKcon 4.0 was not just educational but also transformative. The conference reinforced the importance of a proactive and collaborative approach to cybersecurity, emphasizing the role of frameworks like ATT&CK in navigating the complex threat landscape.
Continuous improvement
Using the knowledge gained from the event, the MOS team will continue to improve its procedures, informed by the methods attackers use, and to keep customer systems and software updated with the latest security patches to mitigate and prevent cyber-attacks.
EDR Solution
Extending the range of its current services, the MOS team has started to offer customers an AI-based Endpoint Detection and Response (EDR) solution that provides constant monitoring of their end-user devices for threats. This ensures that threats such as ransomware or other malware are detected, quarantined, and removed before they turn into problems. Optionally, this can include 24x7 triage, prioritization, analysis, mitigation, and resolution of incidents by analysts. The result is a more secure system landscape, with less downtime and a more productive business.
Interested in our services? Please, do not hesitate to contact us!