It has been a little bit since we dove into the MITRE ATT&CK Tactics. When we left off with Persistence, we talked about how attackers maintain their leverage by opening as many ways in as possible. All use multiple vectors to cover their bases, but it is really hard to stay a step ahead and have impact if they don’t get heightened permissions. History shows that attackers who can either disrupt, discredit, or even hijack the command structure can cause a whole new level of pain. The pinnacle of many adversaries’ tactics is to be able to issue commands as if they were a highly placed commander within their target organization. It not only grants an amplifying effect, but can also hide their activity as they exploit trust. So let’s take a look at ATT&CK’s Privilege Escalation tactic and what it means to the attacker & defender.
Continue readingTag: CTI (Page 3 of 11)
I was on the road until yesterday, but I wanted to get back on the blog and update horse. So here we are! After learning about and supporting the launch of a new solution, I got sucked into some saved news articles and blogs on the trip home that convinced me we need to rethink a lot of things to get caught up with adversaries. Ransomware operators are constantly evolving, we should too! And no one has it figured out, as we’ll see in a couple of paragraphs. So let’s think outside of the magic quadrants and waves about new ways to solve our problems.
Continue readingHey folks! After a busy week, I am finally sitting down to see what is new in the world of threat actors and trends. We’re barrelling into Friday with a lot of attention on probably THE key software vendor in the world (Microsoft), and more attention on Volt Typhoon. Yet even hardware vulnerabilities are a thing, and it just goes to show how our supply chain is riddled with dependencies. And those dependencies open doors to vulnerabilities. So let’s check in and see some of the more interesting threads!
Continue readingHappy weekend, folks! Loads of cool stuff going on in the day job, but lots chatter focused on 2 areas on opposite sides of the software ecosystem. The resourcefulness of adversaries never ceases to amaze me. Both stories offer a lot of intricate technical details, but the big takeaway is that we’re in serious trouble unless we tackle best-practices, hygiene, and find support for the massive base of open source projects. So let’s get going!
Continue readingHello folks – welcome to Part 5 of the series on MITRE ATT&CK Tactics! Today we’re talking about how adversaries maintain a foothold. Like any invading force, threat actors work hard to ensure that they get initial access, and they would rather not have to repeat that effort. Traditional aggressors most often resolve to maintaining pressure on the front once their initial attack lands. This has the effect of exhausting the defenders and ensuring they are unable to reset or respond effectively. Some attackers will leverage asymmetrical warfare elements like guerilla forces, local resistance forces, or agents to undermine defenses and guarantee access. Cyber adversaries need the same sort of effects, and that guaranteed access is arguably their highest priority. So let’s discuss the MITRE ATT&CK Persistence tactic and see why it is vital and how they might achieve it!
Continue reading