What's New with ATTACK for ICS?

•

0 gefällt mir•451 views

This document summarizes recent updates and future plans for ATT&CK for ICS, which provides threat modeling for industrial control systems. Key points include: new mitigation techniques have been added and mapped to standards; ATT&CK for ICS is now represented in STIX and the ATT&CK Navigator; additional ICS data sources will be profiled; and real-world ICS attacks will be mapped to enterprise attack techniques. Feedback is sought on how to improve ATT&CK for ICS and its use of mitigations and characterization of data sources.

Regierungs- und gemeinnützige Organisationen

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
What’s New with ATT&CK® for ICS?
Otis Alexander
https://attack.mitre.org/ics
@ojalexander

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
ATT&CK for ICS Mitigations
https://collaborate.mitre.org/attackics/index.php/Mitigations
• M0800-M0816 are new to ATT&CK for ICS
• Each mitigation has mappings to IEC 62443 and NIST SP 800-53
• Mitigations target the following stakeholders:
• Asset owner/operators
• Integrators
• Device vendors
• Security vendors
• There is a significant focus on protecting operational and
management interfaces of embedded controllers

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
STIX and Navigator Integration
•As part of ATT&CK v8, we released ATT&CK for ICS in
STIX
https://github.com/mitre/cti/tree/master/ics-attack
•A new version of ATT&CK Navigator was released as
well where you can pick the ICS domain
https://mitre-attack.github.io/attack-navigator/

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
Updates to Data Sources
• Maintaining visibility into ICS networks is essential for
quickly detecting and remediating cyber threats.
• Understanding the various data sources that are available in
ICS networks is key to this endeavor. Network traffic is a
popular source of data in ICS networks but there are other
valuable sources of data that are often overlooked.
• Embedded device logs
• Application logs
• Operational databases

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
Data Sources
Configuration
• Firmware
version
• System settings
• Control logic
• Parameters
Performance and
Statistics
• CPU, memory,
disk, ethernet,
etc.
• Network
connection
information
Process
Information
• I/O values
associated with
tags
• Alarms and
faults (e.g.,
digital fault
recorder)
• Events (e.g.,
command
execution)
• Process quality
(e.g., phasor
measurement
unit)
Asset
Management
• Condition-based
monitoring
• Predictive
maintenance
• Work order
system
Physical
• Physical sensors
(e.g., tamper
detection)

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
ICS Attacks Mapped to Enterprise
• We’re currently working on mapping the following ICS attacks:
• Stuxnet
• Ukraine 2015
• Industroyer
• Triton
• Adversaries do not respect theoretical boundaries (i.e., IT/ICS)
so it is important to have a deep understanding of how IT
platforms are leveraged to access and impact ICS.

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
We Need Your Help!
•How can we improve ATT&CK for ICS?
•How are you currently using mitigations?
•Do you have any opinions on our data
source focus?

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
attack@mitre.org
@MITREattack
Otis Alexander
@ojalexander

Weitere ähnliche Inhalte

Was ist angesagt?

MITRE ATT&CKcon 2.0: ATT&CK Updates - Sightings; John Wunder, MITRE

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By: Jamie Williams, Lead Cyber Adversarial Engineer, MITRE Mike Hartley, Lead Cybersecurity Engineer, MITRE In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020 Jamie Williams and Mike Hartley from MITRE discuss the process for merging PRE-ATT&CK and adding two new tactics to Enterprise ATT&CK – Reconnaissance and Resource Development.

Putting the PRE into ATTACK

MITRE - ATT&CKcon

Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...

NetworkCollaborators

ATT&CK Updates- ATT&CK for ICS

MITRE ATT&CK

Accelerating Digital Leadership

M2M Alliance e.V.

MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...

MITRE - ATT&CKcon

If you follow the trade press, one theme you hear over and over again is that organizations are drowning in alerts. It’s true that we need technological solutions to prioritize and escalate the most important alerts to our analysts, but the humans have a critical part to play in this process as well. The quicker they are able to make decisions about the alerts they review, the better they are able to keep up. An incident responders’ most common task is alert triage, the process of investigation and escalation that ultimately results in the creation of security incidents. As crucial as this process is, there has been remarkably little written about how to do it correctly and efficiently. In this presentation, learn incident response best practices from Sqrrl security expert, David Bianco.

The Art and Science of Alert Triage

Sqrrl

Smart City Lab 3 - Publishing Data from your Sensor

Peter Waher

Cloud Access Security Brokers - What's all the Hype

JoAnna Cheshire

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

SBWebinars

Webinar: Adaptive Security

Blueliv

What incentives do you have, to allow others use your devices that you’ve invested in to provide data to your systems? Allowing third parties access to your devices places load on them, possibly degrading your own system performance. It also allows your competitors to provide competing services, without having to invest in devices. The lack of incentives to allow others to access devices creates closed verticals, or silos. Competing companies must install duplicate devices doing the same thing, to be able to provide a similar service. This is not smart. Being able to reutilize existing devices for new applications is vital to realizing the Smart City. Apart from avoiding unnecessary spending, it allows for smarter use of existing resources. It also allows cross-domain fertilization, creating new types of opportunities, not in the scope of existing companies. To provide incentives for device owners to allow access to their devices by third parties, IEEE IoT Harmonization provides a means for owners to publish contracts for their devices. Anyone accepting the conditions gain access to the devices. The infrastructure maintains a record of usage, issues transactions and provides an economic feedback, based on usage, back to the owners of the devices. In this model, it can become lucrative to be a thing o data publisher. Multiple consumers get a natural way to split the costs of common hardware, based on usage. Constrained resources can be naturally divided between consumers.

Smart City Lecture 6 - Earning by Sharing in the Smart City

Peter Waher

Symantec Webinar | Tips for Successful CASB Projects

Symantec

WeSecure Data Security Congres: 5 must haves to safe cloud enablement

WeSecure

Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations. This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.

5 Highest-Impact CASB Use Cases - Office 365

Netskope

Data Privacy, Security, and Sovereignty in a Cloudy World

Netskope

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

Adam Pennington

SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg

Splunk

MalCon Future of Security

Netskope

SIEM game changer

Security Dialog

Was ist angesagt? (20)

MITRE ATT&CKcon 2.0: ATT&CK Updates - Sightings; John Wunder, MITRE

Putting the PRE into ATTACK

Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...

ATT&CK Updates- ATT&CK for ICS

Accelerating Digital Leadership

MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...

The Art and Science of Alert Triage

Smart City Lab 3 - Publishing Data from your Sensor

Cloud Access Security Brokers - What's all the Hype

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

Webinar: Adaptive Security

Smart City Lecture 6 - Earning by Sharing in the Smart City

Symantec Webinar | Tips for Successful CASB Projects

WeSecure Data Security Congres: 5 must haves to safe cloud enablement

5 Highest-Impact CASB Use Cases - Office 365

Data Privacy, Security, and Sovereignty in a Cloudy World

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg

MalCon Future of Security

SIEM game changer

Ähnlich wie What's New with ATTACK for ICS?

Introduction to Industrial Cybersecurity for Water and Waste Water Operators

Sean R. Bouchard, P.Eng

MAJiK Systems are the creators of a cloud-based factory and manufacturing monitoring platform. Their Visual Factory solution helps their customers monitor, analyze, and optimize operations by providing real-time plant floor analytics. They aim to provide insights into root cause analysis of downtime, quality issues and other production slowdowns. Clients have seen reduction in equipment downtime of 35-45% and reductions of waste and scrap of 7-10%. Discover how MAJiK uses a time series data platform to continuously improve overall equipment effectiveness (OEE) within factories. Join this webinar as Jared Evans dives into: MAJiK's approach to data-driven Industry 4.0 monitoring Industrial IoT best practices - including when to use specific protocols (Modbus, OPC-UA, MQTT, Ethernet/IP, or S7 TIA) How data from Programmable Logic Controllers (PLCs) can be integrated into InfluxDB - which helps process engineers monitor the telemetry of any automated process or production method

How to Digitize Industrial Manufacturing with Azure IoT Edge, InfluxDB, and M...

InfluxData

Tomas_Votruba_-_CP_ICS_Solution_for_CI_and_Industrial (1).pptx

TefElbert

Presented by: Gib Sorebo, SAIC Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.

Cybersecurity for Energy: Moving Beyond Compliance

EnergySec

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

ThousandEyes

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

ThousandEyes

The Future of Cybersecurity in Energy Sector

acinfotec

Mercom Capabilities 2015.ppt

Christopher Rowson

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

ThousandEyes

Security Design Considerations Module 3 - Training Sample

Content Rules, Inc.

To accelerate development of your IOT solutions and products we provide Specialized engineering services across the entire IOT development cycle from consulting, device engineering, cloud and mobility application development, data analytics, and support & maintenance. We are having functional expertise and competency to provide standardized solutions for industrial automation and industry 4.0. Delivering tailor-made solutions that users can simply ease into with unparalleled expertise in design engineering, factory testing and commissioning of DCS, SCDA and PLC system has created benchmark and gained expert in oil and gas, pharmaceutical industry, automotive manufacturing sector, food & beverages, petrochemical and chemical industry.

VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...

voltriosolutions

APT saw the new CA state law SB-327 requiring CyberSecurity for all Internet-connected devices coming for 2020 and started to prepare for it after it passed in late 2018. Though the bill does not require protection of existing infrastructure, we believe customers will want to address the CyberSecurity concerns with the purchase of ANY new electrical meter, gateway, trip unit, relay, or connected electrical device. Our strategy includes new components and new services for a complete solution. APT has focused on upgrading two (2) certified secure components to the customer’s network: 1.Secure Serial to Ethernet gateways. 2.Secure Ethernet switches. APT has focused on providing on-site services for each customer to comply with the requirements of SB-327 of every connected electrical device. These services include: 1.Assessment of customer’s electrically connected devices, networks, and infrastructure. 2.Installation of new secure Serial to Ethernet gateways and secure Ethernet switches at strategic locations at the customer’s site. 3.Procedures for the physical change of each device’s default password. 4.Compliance stickers for the devices that have been secured.

AEE Cybersecurity for the IOT in Facility Energy Distribution Slides

Andy Taylor

CCSA Treinamento_CheckPoint.pptx

EBERTE

Penetration Testing as an auditing tool

syrinxtech

Chapter 1 Exploring the Network. Intoduction.pptx

KennedyRodriguez10

The IoT has exploded over the past years and will continue to grow. To handle mission-critical workloads and act as an enabler driving innovation at rapid scale, IoT demands a lot of capacity. What if you could deliver on the vision of constant experimentation and innovation at the speed of light? What if you could differentiate yourself from your competitors by innovating more quickly and releasing new products and services faster? Talking about fast, how do you make this possible from an infrastructure perspective? We need infrastructure beyond scalability and availability. How is this achieved?

Io t presentation

Johan Odell

Vadim Bardakov - AVR & MSP exploitation

DefconRussia

Creating a successful IoT product with MediaTek Labs

MediaTek Labs

MITRE ATT&CK Updates: ICS

MITRE ATT&CK

Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...

Honeywell

Ähnlich wie What's New with ATTACK for ICS? (20)

Introduction to Industrial Cybersecurity for Water and Waste Water Operators

How to Digitize Industrial Manufacturing with Azure IoT Edge, InfluxDB, and M...

Tomas_Votruba_-_CP_ICS_Solution_for_CI_and_Industrial (1).pptx

Cybersecurity for Energy: Moving Beyond Compliance

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

The Future of Cybersecurity in Energy Sector

Mercom Capabilities 2015.ppt

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Security Design Considerations Module 3 - Training Sample

VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...

AEE Cybersecurity for the IOT in Facility Energy Distribution Slides

CCSA Treinamento_CheckPoint.pptx

Penetration Testing as an auditing tool

Chapter 1 Exploring the Network. Intoduction.pptx

Io t presentation

Vadim Bardakov - AVR & MSP exploitation

Creating a successful IoT product with MediaTek Labs

MITRE ATT&CK Updates: ICS

Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...

Mehr von MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Valentine Mairet, Security Researcher, McAfee The MITRE ATT&CK framework is the industry standard to dissect cyberattacks into used techniques. At McAfee, all attack information is disseminated into different categories, including ATT&CK techniques. What results from this exercise is an extensive repository of techniques used in cyberattacks that goes back many years. Much can be learned from looking at historical attack data, but how can we piece all this information together to identify new relationships between threats and attacks? In her recent efforts, Valentine has embraced analyzing ATT&CK data in graphical representations. One lesson learned is that it is not just about merely mapping out attacks and techniques used into graphs, but the strength lies in applying different algorithms to answer specific questions. In this presentation, Valentine will showcase the results and techniques obtained from her research journey using graph and graph algorithms.

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Adam Pennington, ATT&CK Lead, MITRE Adam leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 12 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon’s Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering as well as the 2017 Alumni Service Award from Carnegie Mellon University. Adam has presented and published in a number of venues including FIRST CTI, USENIX Security and ACM Transactions on Information and System Security.

State of the ATTACK

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Gert-Jan Bruggink, Defensive Specialist, FalconForce Adversaries are humans as well. They have objectives, deadlines and resources for programming. In a sense, very similar to corporations grounded in the economics of effort vs time vs results. Now understanding techniques is one thing, taking it a step further and understanding what the economic impact is of using certain techniques is another. Developing tools takes time. For example, developing a custom process injection module might take days or weeks to develop, where using an open source tool could prevent extensive development costs incurred. This talk explores the economic considerations for defending against techniques used by adversaries. It explores fundamental considerations all referenced to MITRE’s ATT&CK framework. The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises.

ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Daniel Wyleczuk-Stern, Senior Security Engineer, Snowflake Cyber security is inherently a function of risk management. Risk management is the identification, evaluation, and prioritization of risks followed by the effort to reduce those risks in a coordinated and economical manner (thanks wikipedia!). In this talk, Daniel will be going over some strategies for measuring and prioritizing your cyber risks using MITRE ATT&CK. He'll discuss some lessons learned in atomic testing of techniques vs attack chaining as well as what to measure and how to make decisions with that data.

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

MITRE - ATT&CKcon

MITRE ATTACKcon Power Hour - January

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Jacob Benjamin, Principal Industrial Consultant Dragos, INL, & University of Idaho Design Basis Threat (DBT) is concept introduced by the Nuclear Regulatory Commission (NRC). It is a profile of the type, composition, and capabilities of an adversary. DBT is the key input nuclear power plants use for the design of systems against acts of radiological sabotage and theft of special nuclear material. The NRC expects its licensees, nuclear power plants, to demonstrate that they can defend against the DBT. Currently, cyber is included in DBTs simply as a prescribed list of IT centric security controls. Using MITRE’s ATT&CK framework, Cyber DBTs can be created that are specific to the facility, its material, or adversary activities.

Using ATTACK to Create Cyber DBTS for Nuclear Power Plants

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Hieu Tran, Threat Detection Team Lead FPT Cybersecurity Division No matter how sophisticated and thorough your security precautions may be, you cannot assume your security measures are impenetrable. This is why you need a threat hunting program in place. But how can we implement a proper threat hunting program and run it efficiently? In this talk, we will uncover how to sharpen your threat hunting strategy by leveraging ATT&CK. Ultimately, we’ll be demonstrating how effectively employing the hunting methodology in the real-world battlefield, fighting against well-known cyber espionage actors who strongly focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia.

Sharpening your Threat-Hunting Program with ATTACK Framework

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Valentina Palacín, Sr. Cyber Threat Intelligence Analyst No one can deny the tremendous impact that ATT&CK had on the cybersecurity industry, nor the usefulness of having a good Threat Library at your disposal. But the question Valentina gets asked over and over by people from small companies is always the same: “How could I leverage threat intelligence using ATT&CK with limited time and resources?” And so far, there hasn't been a good answer. That’s why she decided to come up with the Threat Mapping Catalogue (TMC), a tool that combines the power of the mappings already available in the ATT&CK website, TRAM and the ATT&CK Navigator, to better process, consume and incorporate new mappings while organizing them around different categories.

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Katie Nickels, Director of Intelligence, Red Canary Good analysts (and good human beings) change their minds based on new information. In this presentation, Katie will share how her perspectives on ATT&CK have changed since moving from ATT&CK team member to ATT&CK end-user. She will discuss how her ideas about coverage, procedures, and detection creation have evolved and why those perspectives matter. Katie will also share practical examples from observed threats to help explain the nuances of her perspectives. Attendees should expect to leave this presentation with a better understanding of how to handle challenges they’re likely to face when navigating their own ATT&CK journey.

From Theory to Practice: How My ATTACK Perspectives Have Changed

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By Matt Snyder, Senior Threat Analytics Engineer, VMware The market for Security products is flooded with vendors offering all sorts of solutions, and organizations are spending a record amount of money defending their environments. Nevertheless, an increasing number of breaches are reported each year, resulting in organizations spending millions of dollars to remediate them. The Security industry responds with more products, all offering to stop the next breach, and the cycle continues. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Matt discusses what VMware is doing internally to address this fundamental flaw in the Security industry and how they are leveraging the MITRE ATT&CK framework to reshape how we think about security.

What's a MITRE with your Security?

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By Anthony Randazzo, Global Response Lead, Expel The team at Expel has been migrating to the cloud for the last 10 years, but as usual, security has lagged behind. Which means we don't have a comprehensive detection and response framework for cloud like we do with the Enterprise ATT&CK matrix. Cloud has evolved into a complex beast as technologies and concepts – like Infrastructure As Code, Containers, Kubernetes and so forth – have emerged. These new attack surfaces have been added that introduce additional challenges to detection and response in our cloud environments. We don't know what we don't know about attack life cycles in the cloud. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Anthony shares some interesting lessons learned so far when it comes to finding bad guys in the cloud.

ATTACKing the Cloud: Hopping Between the Matrices

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By Allie Mellen, Security Strategist, Office of the CSO, Cybereason In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, Allie discusses how the Cybereason research team uses both MITRE ATT&CK and MITRE ATT&CK for Mobile to map and communicate new malware to the larger security community. Teams use the MITRE ATT&CK framework to share techniques, tactics, and procedures with their team and the community at large. This knowledge base has been incredibly beneficial for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Many of these uses have centered around traditional endpoints like laptops and workstations. However, the MITRE ATT&CK team has also created a cutting-edge portion of their framework: MITRE ATT&CK for Mobile. One of the most recent pieces of malware they have found is EventBot, a mobile banking trojan that targets Android devices and the financial services applications on them, including popular apps like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, paysafecard, and many more. In this talk, learn about this specific attack, intended targets, a timeline of the attack, and the MITRE ATT&CK for Mobile mapping. Learn why the Cybereason team map to MITRE ATT&CK and MITRE ATT&CK for Mobile and what benefits it has given them and their interactions with the community.

Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By Matan Hart, Co-Founder & CEO Cymptom @machosec Adversary emulation is commonly used to validate security controls and is considered one of the most popular use-cases for the ATT&CK framework. However, emulating adversary TTPs on production environments is often very limited in testing scope and frequency, and such practice may cause unwanted business disruption. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Hart presents a different approach to testing controls against ATT&CK. He demonstrates how it is possible to provide data-based methods to evaluate the exploitability of ATT&CK techniques by gathering information from the network, endpoint, and services; this unique approach does not emulate any sort of malicious action, thus reducing the potential of causing business disruption to the minimum. Hart also outlines a new open-source guideline based on ATT&CK mitigations, that security teams can use to assess their security posture non-intrusively and at scale.

Transforming Adversary Emulation Into a Data Analysis Question

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By Brandon Levene, Head of Applied Intelligence Google, @seraphimdomain Opportunistically targeted ransomware deployments, aka Big Game Hunting (BGH), have caused a distinct disruption in the mechanics of monetizing crimeware compromises. This strategy has become the “end game” for the majority of organized cybercrime organizations, and one effect of this shift is the increased emphasis on enterprise-level targets. In this talk from the MITRE ATT&CKCon Power Hour session on October 9, 2020, Levene walks us through research about how a specific BGH threat actor pursues entry points, gains its foothold, pivots, and deploys payloads to maximize their financial gains with minimal effort - and infrastructure! You’ll walk away with an understanding of the latest BGH TTPs seen in enterprise environments, and how they map to the ATT&CK framework so you can build this research into your threat detection strategy and enhance your defenses.

TA505: A Study of High End Big Game Hunting in 2020

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By: Aunshul Rege, Associate Professor, Temple University, @prof_rege Rachel Bleiman, PhD Student/NSF Graduate Research Assistant, Temple University, @rab1928 This presentation from the MITRE ATT&CKcon Power Hour session on October 9, 2020, explores the application of the MITRE ATT&CK® and PRE-ATT&CK matrices in cybercrime education and research. Specifically, Rege and Bleiman demonstrate the mapping of the PRE-ATT&CK matrix to social engineering case studies as an experiential learning project in an upper-level cybercrime liberal arts course. It thus allows students to understand the alignment process of threat intelligence to the PRE-ATT&CK framework and also learn about its usefulness/limitations. The talk also discusses the mapping of the ATT&CK matrix, tactics, techniques, software, and groups for two cybercrime datasets created by collating publicly disclosed incidents: (i) critical infrastructure ransomware (CIRW) incidents, and (ii) social engineering (SE) incidents. For the CIRW dataset, 39% of the strains mapped onto the ATT&CK software. For the SE dataset, 49% of the groups and 65% of the techniques map on to the MITRE framework. This helps the researchers identify the framework's usefulness/limitations and also helps our datasets connect to richer information that may not otherwise be available in the publicly disclosed incidents.

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour - October By Brian Donohue, Security Evangelist, Red Canary, @thebriandonohue In early 2018, Red Canary adopted MITRE ATT&CK as the common language that they would use to categorize threats, measure detection coverage, and communicate about malicious behaviors. In the intervening years, they’ve relied on the framework to develop open source tools like Atomic Red Team and help security teams prioritize their defensive efforts with blogs and our annual Threat Detection Report. In early 2020, MITRE announced that ATT&CK would be expanding its original taxonomy of tactics and techniques to include sub-techniques. In the months that followed MITRE's announcement, Red Canary’s research, intelligence, and detection engineering teams painstakingly remapped their library of thousands of behavioral analytics to sub-techniques. In doing so, they improved their correlational logic, experimented with the idea of conditional technique mapping, and, unfortunately, rendered the 2020 Threat Detection Report out-of-date. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Brian discusses how refactoring for sub-techniques offered us the opportunity to apply all the lessons learned in more than two years of operationalizing ATT&CK. He also explores how Red Canary has remodeled its ATT&CK mapping to allow for added flexibility and human input and shows what happens when the Red Canary applied their new sub-technique mappings to the 2020 Threat Detection Report.

Starting Over with Sub-Techniques

MITRE - ATT&CKcon

MITRE ATTACKCon Power Hour - December

MITRE - ATT&CKcon

MITRE ATT&CKcon Power Hour - November

MITRE - ATT&CKcon

MITRE ATTACKcon Power Hour - October

MITRE - ATT&CKcon

MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...

MITRE - ATT&CKcon

Mehr von MITRE - ATT&CKcon (20)

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence

State of the ATTACK

ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

MITRE ATTACKcon Power Hour - January

Using ATTACK to Create Cyber DBTS for Nuclear Power Plants

Sharpening your Threat-Hunting Program with ATTACK Framework

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

From Theory to Practice: How My ATTACK Perspectives Have Changed

What's a MITRE with your Security?

ATTACKing the Cloud: Hopping Between the Matrices

Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile

Transforming Adversary Emulation Into a Data Analysis Question

TA505: A Study of High End Big Game Hunting in 2020

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

Starting Over with Sub-Techniques

MITRE ATTACKCon Power Hour - December

MITRE ATT&CKcon Power Hour - November

MITRE ATTACKcon Power Hour - October

MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...

Kürzlich hochgeladen

Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...

tanu pandey

Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K High Profile Escorts In Wardha WhatsApp Chat With Parul:-8617370543 There are a number of Wardha Escorts willing to meet you at an affordable rate, which also possesses high moral standards and humanitarian tendencies. These girls can help satisfy the sexual desires of clients without fail; it is therefore essential that clients select an established service. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call

Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...

Dipal Arora

Coastal Protection Measures in Hulhumale'

NAP Global Network

Sustainability by Design: Assessment Tool for Just Energy Transition Plans

Just Energy Transition in Coal Regions Knowledge Hub

Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha Thakur Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...

SUHANI PANDEY

Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Room Cash On Delivery Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...

MOHANI PANDEY

Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With Best Shot Night Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...

tanu pandey

VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking Escorts Service Available Whatsapp SABANA ☎️ : [+91-7001035870] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P252024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking

dharasingh5698

World Press Freedom Day 2024; May 3rd - Poster

Christina Parmionova

Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...

tanu pandey

VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...

SUHANI PANDEY

Pimple Gurav ) Call Girls Service Pune | 8005736733 Independent Escorts & Dating Escorts Service Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Pimple Gurav ) Call Girls Service Pune | 8005736733 Independent Escorts & Dat...

SUHANI PANDEY

Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service Available 24*7 Book Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔$V15 ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...

SUHANI PANDEY

1935 CONSTITUTION REPORT IN RIPH FINALLS

arandianics

celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔$V15 ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour

Call Girls in Nagpur High Profile

Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking

roncy bisnoi

The NAP process & South-South peer learning

NAP Global Network

VIP Model Call Girls Narhe ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls Narhe ( Pune ) Call ON 8005736733 Starting From 5K to 25...

SUHANI PANDEY

Election 2024 Presiding Duty Keypoints_01.pdf

Samirsinh Parmar

2024: The FAR, Federal Acquisition Regulations, Part 31

JSchaus & Associates

Kürzlich hochgeladen (20)

Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...

Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...

Coastal Protection Measures in Hulhumale'

Sustainability by Design: Assessment Tool for Just Energy Transition Plans

Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...

Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...

Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...

VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking

World Press Freedom Day 2024; May 3rd - Poster

Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...

VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...

Pimple Gurav ) Call Girls Service Pune | 8005736733 Independent Escorts & Dat...

Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...

1935 CONSTITUTION REPORT IN RIPH FINALLS

celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour

Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking

The NAP process & South-South peer learning

VIP Model Call Girls Narhe ( Pune ) Call ON 8005736733 Starting From 5K to 25...

Election 2024 Presiding Duty Keypoints_01.pdf

2024: The FAR, Federal Acquisition Regulations, Part 31

What's New with ATTACK for ICS?

1. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 What’s New with ATT&CK® for ICS? Otis Alexander https://attack.mitre.org/ics @ojalexander

4. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 ATT&CK for ICS Mitigations https://collaborate.mitre.org/attackics/index.php/Mitigations • M0800-M0816 are new to ATT&CK for ICS • Each mitigation has mappings to IEC 62443 and NIST SP 800-53 • Mitigations target the following stakeholders: • Asset owner/operators • Integrators • Device vendors • Security vendors • There is a significant focus on protecting operational and management interfaces of embedded controllers

5. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 STIX and Navigator Integration •As part of ATT&CK v8, we released ATT&CK for ICS in STIX https://github.com/mitre/cti/tree/master/ics-attack •A new version of ATT&CK Navigator was released as well where you can pick the ICS domain https://mitre-attack.github.io/attack-navigator/

6. What’s on the Horizon?

7. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 Updates to Data Sources • Maintaining visibility into ICS networks is essential for quickly detecting and remediating cyber threats. • Understanding the various data sources that are available in ICS networks is key to this endeavor. Network traffic is a popular source of data in ICS networks but there are other valuable sources of data that are often overlooked. • Embedded device logs • Application logs • Operational databases

8. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 Data Sources Configuration • Firmware version • System settings • Control logic • Parameters Performance and Statistics • CPU, memory, disk, ethernet, etc. • Network connection information Process Information • I/O values associated with tags • Alarms and faults (e.g., digital fault recorder) • Events (e.g., command execution) • Process quality (e.g., phasor measurement unit) Asset Management • Condition-based monitoring • Predictive maintenance • Work order system Physical • Physical sensors (e.g., tamper detection)

9. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 ICS Attacks Mapped to Enterprise • We’re currently working on mapping the following ICS attacks: • Stuxnet • Ukraine 2015 • Industroyer • Triton • Adversaries do not respect theoretical boundaries (i.e., IT/ICS) so it is important to have a deep understanding of how IT platforms are leveraged to access and impact ICS.

10. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 We Need Your Help! •How can we improve ATT&CK for ICS? •How are you currently using mitigations? •Do you have any opinions on our data source focus?

What's New with ATTACK for ICS?

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie What's New with ATTACK for ICS?

Ähnlich wie What's New with ATTACK for ICS? (20)

Mehr von MITRE - ATT&CKcon

Mehr von MITRE - ATT&CKcon (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

What's New with ATTACK for ICS?