MITRE’s ATT&CK framework is forever evolving. The latest October update extends enterprise coverage to the cloud and adds a considerable list of cloud-specific adversarial techniques. The cloud has seen enormous growth over the past few years, as it offers businesses flexibility, reliability and cost savings. Along with this growth come new security risks and high-value targets for nation-state actors and cyber criminals.
In 2014, source code hosting provider Code Spaces was forced to shut down after an attacker gained access to its AWS IAM and destroyed its entire cloud infrastructure. More recently, a software engineer was arrested after stealing sensitive data, including details pertaining to 106 million credit card applications, from Capital One through a misconfigured AWS S3 bucket.
As the cloud takes over, security practices and understanding need to evolve. ATT&CK’s enterprise platform categorization now includes Windows, macOS, Linux, AWS, GCP, Azure, Office 365, Azure AD and SaaS. The 36 initial techniques for cloud include, for example, Data from Cloud Storage Object, which is applicable in the second example above.
MITRE’s ATT&CK framework has already evolved quite a bit this year. Previously, enterprise ATT&CK was primarily focused on information stealing: confidentiality and data exfiltration. The Impact tactic was introduced to address destructive, disruptive and resource hijacking techniques, all of which are particularly relevant to cloud deployments. Mitigations were changed from text fields to objects, making them independent entities. This is an improvement in the structure of the taxonomy.
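As an added illustration (not code from the original post), the Python below shows what the "mitigations as objects" change and the new cloud platform tags look like when working with ATT&CK's STIX data: it filters techniques by cloud platform and resolves mitigations by following `mitigates` relationships from `course-of-action` objects. The bundle is a constructed miniature, and its IDs are placeholders rather than real ATT&CK identifiers.

```python
# Constructed mini STIX 2.0 bundle in the shape of MITRE's ATT&CK data.
# Real objects carry many more fields; IDs here are placeholders, not real ATT&CK IDs.
BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--aaaa",
         "name": "Data from Cloud Storage Object",
         "x_mitre_platforms": ["AWS", "GCP", "Azure"]},
        {"type": "attack-pattern", "id": "attack-pattern--bbbb",
         "name": "Credential Dumping",
         "x_mitre_platforms": ["Windows", "Linux", "macOS"]},
        # Mitigations are now first-class objects, not text on the technique.
        {"type": "course-of-action", "id": "course-of-action--cccc",
         "name": "Restrict File and Directory Permissions"},
        {"type": "relationship", "id": "relationship--dddd",
         "relationship_type": "mitigates",
         "source_ref": "course-of-action--cccc",
         "target_ref": "attack-pattern--aaaa"},
    ],
}

# The cloud platforms listed in the October update.
CLOUD_PLATFORMS = {"AWS", "GCP", "Azure", "Office 365", "Azure AD", "SaaS"}

def cloud_techniques(bundle):
    """Return {technique name: sorted cloud platforms} for every attack-pattern
    tagged with at least one cloud platform."""
    out = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        plats = sorted(set(obj.get("x_mitre_platforms", [])) & CLOUD_PLATFORMS)
        if plats:
            out[obj["name"]] = plats
    return out

def mitigations_for(bundle, technique_name):
    """Follow 'mitigates' relationships from course-of-action objects to the
    named technique and return the mitigation names, sorted."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    target_ids = {o["id"] for o in bundle["objects"]
                  if o.get("type") == "attack-pattern" and o["name"] == technique_name}
    names = []
    for rel in bundle["objects"]:
        if (rel.get("type") == "relationship"
                and rel.get("relationship_type") == "mitigates"
                and rel["target_ref"] in target_ids):
            src = by_id.get(rel["source_ref"])
            if src and src.get("type") == "course-of-action":
                names.append(src["name"])
    return sorted(names)
```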
There are several eagerly anticipated changes and additions on the horizon. PRE-ATT&CK techniques will be classified under two new tactics, uniting PRE-ATT&CK and ATT&CK. Further, ATT&CK for ICS (industrial control systems) and, the update I’m most looking forward to, ATT&CK sub-technique restructuring are both in the works.
It’s notable that community input was the primary driver of the initial set of cloud techniques. We are excited to see the MITRE ATT&CK community grow and share their knowledge of the new attack behaviors.
Here’s the complete list of the 36 techniques with cloud-specific text: