Exponential Increase in Cyberattacks The year 2020 shattered every record when it came to security Incidents and data breaches on private businesses and governments. The changing digital landscape is becoming a challenge to all as the threat actors have advanced themselves beyond the traditional type of attack like phishing campaigns to more sophisticated techniques. To successfully fight against them it’s imperative companies must implement the best cybersecurity practices. The Pandemic caused nightmares for all security professionals and made them reconsider their organization’s security posture & critical infrastructure. Some alarming statistics of cyberattacks include: • FBI’s IC3(Internet Crime Complaint Center) reported a 300% increase in cybercrimes reported on their portal - • Data breaches in the healthcare industry increased by 58% in 2020 – IMCGrupo Verizon • In April 2020 alone google blocked around 18 million phishing emails & malwares related to
coronavirus - Google • Cloud-based cyberattacks increased by more than 600% in the mid of April 2020 – FintechNews Cybersecurity Frameworks & Why organizations should implement them. It is believed that the best way to detect and mitigate adversaries is to understand their tactics,
techniques, and procedures. Firstly, to understand a framework in simple terms consider a
framework as a physical skeleton that gives flesh of the human body a structure in the same way
cybersecurity frameworks comprise of knowledge base with best practices to help organizations
minimize security gaps in their critical infrastructures. It also helps them to identify sensitive areas
which impose a risk of data breaches and other possibilities of compromise by threat actors. Frameworks ease the tasks like defining the processes, procedures that security professionals must do to assess, monitor, and mitigate cybersecurity risks. frameworks out there make the lives of stakeholders easier up to some extent as it helps in creating a blueprint of a cybersecurity program in an organization and implement certain underlying tasks more efficiently. It complements existing security operations like: • Prioritizing critical improvement activities
• Identifying security gaps
• Understand current security posture/status
• Look for new/revised standards There are many popular cybersecurity frameworks to name a few like , , , , . NIST CSF MITRE ATT&CK MITRE D3FEND ISO/IEC 27001 & 27002 CIS Controls Rise of Mitre ATT&CK & how it’s helping governments and enterprises in combating cyberthreats From merely phishing attempts, DDOS to APT’s and ransomware in this evolving threat landscape security leaders need to utilize each available tools & techniques to defend their organizations. This is where frameworks like MITRE ATT&CK & D3FEND come into play. is a non-profit organization that works with U.S Government & private industries with a vision to solve vital global challenges. It provides technical and engineering assistance to federal governments with their state-of-the-art solutions backed by highly skilled research teams to fight global concerns not only in the digital world but also in the battlefield, healthcare industry, and many others. They also helped Govt departments during the 9/11 attacks by lending their team’s expertise and contributing advanced technology to assist in relief & recovery at the world trade center. MITRE When talking about MITRE it would be unfair to not discuss its one of the most successful projects . MITRE developed a framework known as “ATT&CK” in 2013 which stands for Adversary, Tactics, Techniques, and Common knowledge. It provides a matrix of common tactics, techniques, and knowledge base that bad guys can use to compromise a company including – Initial access, privilege escalation, evading defense mechanisms, and lateral movement. The framework is based on TTP’s (Tactics, Techniques & Procedures). MITRE ATT&CK • – It defines the goal of an attacker “WHY” for example credential access– To get initial access Tactics • – Consider these as “HOW” of an attack for example – Threat actor may dump
the credentials to achieve unauthorized access Techniques • – These are specific methods bad actors may use for example – Using PowerShell
to inject malicious code into an executable file. Procedures Below is the MITRE ATT&CK framework matrix starting from horizontal columns left to right there
are different tactics. Under each column header techniques and sub-techniques are stated which
help in accomplishing the attack tactic. The ATT&CK framework provides a holistic view of security posture and is one of the most definitive resources of a cybersecurity plan. It is used as a prime resource by threat hunters, blue teamers to classify, prioritize security gaps and ensure the right mitigations are in place. MITRE D3FEND Framework: a complementary to ATT&CK framework It is necessary for the security engineers to know what are the threats and how bad actors are going to use them in order to exploit a critical infrastructure or corporate network but at the same time, it becomes essential to have knowledge about how they are going to address these threats from a technical/engineering perspective. MITRE framework released the framework in the month of July this year. It creates a knowledge base of counter-measures against cyberthreats and its funding efforts were backed by NSA (National Security Agency). D3FEND solves the problem of security professionals as mentioned above by providing them with the various counter techniques which can be accumulated by security architects to design a defensive and resilient security plan. It complements the ATT&CK framework which means D3FEND framework techniques can be applied to counter the practices detailed in the ATT&CK framework. D3FEND Below is a glimpse of the MITRE D3FEND Framework As we look at the above framework all the defensive techniques have been grouped horizontally
starting from left harden, detect followed by others. You can view the whole framework in detail at d3fend.mitre.org Conclusion At last, I want to conclude with my point of view that cybersecurity is similar to a game of cat and mouse because of the evolving nature of cyberattacks as well as defensive measures but if we talk about the cybersecurity frameworks not only MITRE but others as well, they surely give an edge to security professionals over the adversaries by identifying security gaps and prioritizing the defensive measures to minimize the exposure of probable attack vectors. This article was first published on Medium

MITRE ATT&CK & D3FEND Framework are Redefining Counter-efforts to Cyberattacks

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Do Honeypots Still Matter?

How Security Engineering is Changing the Cybersecurity Industry

Cybersecurity Essentials to Protect Remote Workers Online

108 Stories To Learn About Cybersecurity Tips

10 Cybersecurity Books Every Business Owner Should Read

10 Best Practices for Securing Your API

Do Honeypots Still Matter?

How Security Engineering is Changing the Cybersecurity Industry

Cybersecurity Essentials to Protect Remote Workers Online

108 Stories To Learn About Cybersecurity Tips

10 Cybersecurity Books Every Business Owner Should Read

10 Best Practices for Securing Your API

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps