MITRE ATT&CK's updated version includes a new layer of abstraction: sub-techniques
Corporate hacking attacks and data breaches are rising rapidly, so many organizations are adopting MITRE ATT&CK as a foundational element of their security programs. However, over the years many top security researchers have felt that MITRE ATT&CK's abstractions were uneven. To counter this, the dev team has released a new version of the knowledge base, MITRE ATT&CK v7. The new knowledge base has many new sub-techniques like “Techniques”, “Groups” and “Software” for both ATT&CK for Enterprise and ATT&CK for Mobile.
For those who are not from the IT security sector, the MITRE ATT&CK framework is a comprehensive matrix of tactics and techniques used by threat hunters, red teamers, and defenders to better classify attacks and assess an organization’s risk. The aim of MITRE ATT&CK is to give enterprises an instant snapshot illustrating the actions a hacker or cybercriminal may have taken.
MITRE ATT&CK gives a quick knowledge base of how the attackers got in and how they are moving around in the enterprise network. The knowledge base is designed to help answer those questions while contributing to the awareness of an organization’s security posture at the perimeter and beyond. Organizations use the MITRE ATT&CK framework to identify holes in defenses and prioritize them based on risk.
Over the years many security researchers have suggested that MITRE should widen the taxonomy to include sub-heads. With enterprise attack techniques growing, ATT&CK had to be updated to keep up with growing corporate security needs.
The MITRE ATT&CK v7 enterprise version contains sub-techniques that attackers could use. MITRE ATT&CK v7 is available on the MITRE website, via ATT&CK Navigator, as STIX, or as a download from the TAXII server.
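For defenders consuming the STIX release, the following added example (not code from this article or from MITRE) groups sub-techniques under their parent techniques and drops revoked entries so that detection mappings do not keep pointing at retired IDs. It assumes the bundle follows the ATT&CK STIX conventions of an `x_mitre_is_subtechnique` flag and `subtechnique-of` relationships; the bundle and its object ids are constructed sample data, and `build_tree` and the helper names are hypothetical.

```python
def _ap(uid, ext_id, name, is_sub=False, **extra):
    """Build a constructed attack-pattern object (sample data only)."""
    return {"type": "attack-pattern", "id": f"attack-pattern--{uid}", "name": name,
            "x_mitre_is_subtechnique": is_sub,
            "external_references": [{"source_name": "mitre-attack",
                                     "external_id": ext_id}],
            **extra}

def _rel(child_uid, parent_uid):
    """Build a constructed subtechnique-of relationship (child -> parent)."""
    return {"type": "relationship", "relationship_type": "subtechnique-of",
            "source_ref": f"attack-pattern--{child_uid}",
            "target_ref": f"attack-pattern--{parent_uid}"}

# Constructed bundle: the object ids are placeholders, not real ATT&CK STIX ids.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    _ap("0001", "T1059", "Command and Scripting Interpreter"),
    _ap("0002", "T1059.001", "PowerShell", is_sub=True),
    _ap("0003", "T1059.003", "Windows Command Shell", is_sub=True),
    _ap("0004", "T1003", "OS Credential Dumping"),
    _ap("0005", "T1003.001", "LSASS Memory", is_sub=True),
    _ap("0006", "T1086", "PowerShell", revoked=True),  # pre-v7 id, now revoked
    _rel("0002", "0001"), _rel("0003", "0001"), _rel("0005", "0004"),
]}

def attack_id(obj):
    """Return the ATT&CK id (e.g. T1059.001) from the external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def build_tree(bundle):
    """Map each live parent technique id to its sorted sub-technique ids."""
    live = {o["id"]: o for o in bundle["objects"]
            if o["type"] == "attack-pattern"
            and not o.get("revoked") and not o.get("x_mitre_deprecated")}
    tree = {attack_id(o): [] for o in live.values()
            if not o.get("x_mitre_is_subtechnique")}
    for rel in bundle["objects"]:
        if (rel["type"] != "relationship"
                or rel.get("relationship_type") != "subtechnique-of"):
            continue
        child, parent = live.get(rel["source_ref"]), live.get(rel["target_ref"])
        if child and parent:  # skip links that touch revoked or missing objects
            tree.setdefault(attack_id(parent), []).append(attack_id(child))
    return {k: sorted(v) for k, v in tree.items()}

if __name__ == "__main__":
    for parent, subs in sorted(build_tree(SAMPLE_BUNDLE).items()):
        print(parent, subs)
```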
If you want the MITRE ATT&CK v6, you can get it here.