MITRE has released a version of its ATT&CK knowledgebase covering tactics and techniques used in attacks against industrial control systems.
MITRE’s ATT&CK, which stands for Adversarial Tactics, Techniques and Common Knowledge, is a framework widely used by cybersecurity professionals to check whether their defenses are enough to detect and block attacks.
The first ATT&CK model was released in 2013 with a focus on Microsoft Windows. Since then, it has expanded to include Linux, Mac OS, and cloud platforms. The matrix of tactics and techniques describes how attackers break into and move within systems, from initial access through to exfiltration. By breaking adversary behavior out into distinct tactic categories, defenders can detect and block the adversary at any point during the attack: even after the initial entry point has been missed, they still have multiple opportunities to catch the intrusion by looking for the later tactics.
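The following example shows what "detection opportunities at every tactic" looks like in practice: it indexes an ATT&CK-style STIX bundle by tactic and reports which tactics a given set of detection rules leaves entirely uncovered. This is an added example, not MITRE's tooling or data. The bundle is a constructed miniature in the same shape as the public ATT&CK STIX JSON (attack-pattern objects with kill_chain_phases and an external_id); the technique IDs and names are placeholders, and the kill chain / source name "mitre-ics-attack" is assumed from the public data's naming convention.

```python
"""Index an ATT&CK-style STIX bundle by tactic and report detection coverage.

Added example, not MITRE's own tooling. SAMPLE_BUNDLE is constructed: its
technique IDs (TXXXX-*) and names are placeholders, not real ATT&CK entries.
"""
import json
from collections import defaultdict

# Assumed: the ICS domain tags its phases and references with this name.
ICS_KILL_CHAIN = "mitre-ics-attack"


def _technique(tid, name, phases, chain=ICS_KILL_CHAIN, **extra):
    """Build one constructed attack-pattern object in STIX shape."""
    obj = {
        "type": "attack-pattern",
        "id": f"attack-pattern--{tid}",
        "name": name,
        "kill_chain_phases": [{"kill_chain_name": chain, "phase_name": p} for p in phases],
        "external_references": [{"source_name": chain, "external_id": tid}],
    }
    obj.update(extra)
    return obj


# Constructed sample bundle (placeholder technique IDs, not MITRE data).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--constructed-example",
    "objects": [
        _technique("TXXXX-A", "Example Initial Access", ["initial-access"]),
        # One technique can sit under two tactics, as in the real matrix.
        _technique("TXXXX-B", "Example Remote Service Abuse", ["initial-access", "lateral-movement"]),
        _technique("TXXXX-C", "Example Lateral Movement", ["lateral-movement"]),
        _technique("TXXXX-D", "Example Impact", ["impact"]),
        # Revoked entries stay in the bundle but must not count.
        _technique("TXXXX-E", "Retired Technique", ["initial-access"], revoked=True),
        # An enterprise-domain object should be ignored when loading ICS.
        _technique("T9999-X", "Enterprise Only", ["execution"], chain="mitre-attack"),
    ],
})


def _technique_id(obj, source_name):
    """Return the external_id whose source_name matches, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == source_name and "external_id" in ref:
            return ref["external_id"]
    return None


def load_matrix(bundle_json, kill_chain_name=ICS_KILL_CHAIN):
    """Return {tactic: sorted [(technique_id, name)]} for one ATT&CK domain."""
    bundle = json.loads(bundle_json)
    matrix = defaultdict(list)
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # retired techniques are kept in STIX for history only
        tid = _technique_id(obj, kill_chain_name)
        if tid is None:
            continue  # belongs to another domain
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == kill_chain_name:
                matrix[phase["phase_name"]].append((tid, obj.get("name", "")))
    return {tactic: sorted(techs) for tactic, techs in matrix.items()}


def tactic_coverage(matrix, detected_ids):
    """Per tactic, (techniques with at least one detection, total techniques)."""
    detected = set(detected_ids)
    return {
        tactic: (sum(1 for tid, _ in techs if tid in detected), len(techs))
        for tactic, techs in matrix.items()
    }


def uncovered_tactics(coverage):
    """Tactics with no detection at all: the points in the chain where the adversary is invisible."""
    return sorted(tactic for tactic, (hits, _) in coverage.items() if hits == 0)


if __name__ == "__main__":
    matrix = load_matrix(SAMPLE_BUNDLE)
    # Constructed list of technique IDs that existing detection rules map to.
    coverage = tactic_coverage(matrix, ["TXXXX-A", "TXXXX-C"])
    for tactic, (hits, total) in coverage.items():
        print(f"{tactic:18s} {hits}/{total} techniques covered")
    print("blind spots:", uncovered_tactics(coverage))
```

In practice the bundle comes from MITRE's published STIX JSON and the detected-ID list from your rule set's ATT&CK tags; a tactic that comes back from `uncovered_tactics` is a stage of the intrusion where, per the text above, a defender has given up one of the opportunities to catch the adversary after initial entry.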
ATT&CK is regularly updated with new information about attack tactics. Last month, MITRE added or updated 36 techniques to cover adversary behavior against cloud-based platforms.