If you are in the IT and/or cybersecurity, you must have heard of MITRE ATT&CK framework at least once but do you actually know what it is? Keep reading to learn! The ATT&CK network is developed by the MITRE Corp roughly seven years ago to offer crucial information, support and threat tactics to those who work in cyber security. ATT&CK framework is a living document that grows and gets updated every day.

The highly anticipated structural update to the MITRE ATT&CK framework was released July 8th, 2020. After a quiet first half of the year, it appears the ATT&CK team has been putting in lots of work into some significant redesign of the framework’s structure. This update introduces a new layer of abstraction: sub-techniques.

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year. I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyone who will listen.

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware. In each case of command and control, the attacker is accessing the network from a remote location. Having insight into what is happening on the network is going to be crucial in addressing these techniques.