5.4 MITRE ATT&CK and the MITRE Threat Groups Track

00:00

Hello and welcome to another lesson from the module campaign and a license in this video. We're going to talk about matter, attack and miter Threat Group Tracker

00:10

organizations nowadays are facing an increasing trend where threats and argues from advancing persistent threats or a pities are becoming more sophisticated. And these organizations are struggling to be able to defend themselves against these threats.

00:27

And for those just starting out who may not have many resources available, you can start using Attack Framework and Miter Threat Group tracker.

00:39

In this lesson, we will discover together the biter attack from work. And how is it useful for cyber threat intelligence and campaign analysis, and we will see the benefits off this train work. It will learn also about another framework provided by Miter, which is Miter Threat Group Tracker,

00:59

and we will finish this lesson with a practical use case.

01:02

The miter attack framework has gained a lot of popularity in the security industry over the pastor. For those who are not familiar, attack is the adversarial tactics, techniques and common knowledge framework available from miter. It is a curated knowledge base off 11 tactics

01:21

and hundreds of techniques that the Packers can leverage

01:25

one compromising enterprises

01:27

that that can be useful for any organization who wants to move to words

01:33

if threats. And former defense

01:36

for an organization with just a couple off analysts who wants to start using attack for threat intelligence, One way you can start is by taking a single group you care about and look at their behaviors as structured in attack framer.

01:53

Today, there are a lot of products that map to attack, so you can use their information as reference.

02:00

If it's not the case for you, you might choose a group from those map it on the Miter Threat Group tracker.

02:07

Why there are certainly other ways to share threat intelligence like the ones we've already seen in previous videos. When we're talking about common standards used in cyber threat intelligence such as sticks and taxi standards,

02:21

Attack provides a common language that standardized and globally accessible

02:25

as Katie Nichols attack threat intelligence leads for miter. Points out, analysts and defenders can work together with data to compare and contrast threat groups on the lists and defenders, and both structure their information using attack

02:43

analyst can structure intelligence about adversary behavior and the fenders constructor information about what behavior they can detect and mitigate. By identifying the highest priority techniques, an organization can better determine how to mitigate on detect them.

03:00

Now we can move to see the benefits off miter attack framework,

03:05

but that gives us a structured way to the script, adversary, Teepees and behavior. This structure allows us to compare adversary groups to themselves to other groups and two defenses in a way that addresses some of the challenges that are encountered by companies. Organizations

03:23

can leverage the framework to create a map to their defense systems. Creating the entries for miter Attack Navigator for specific actors is a good way off visualizing the strengths and weaknesses off one's environment

03:37

relating to these actors or groups. It can also be used to categorize tests carried out on an organization's internal systems

03:45

together with their results.

03:46

Now we can introduce second framework provided by matter, which is Threat Group tracker here. Groups are sets off related intrusion activities that are triggered by a common name in the security community.

04:01

On the list, drag clusters off activities using various analytic methodologies and terms such as Threat Group's activity groups,

04:12

intrusion sets and campaigns.

04:15

Some groups have multiple names associated with similar activities due to various organizations tracking same same activities by different names.

04:25

Analysts track clusters off activity using various analytic methodologies in terms such as Threat Group's activity groups, threat actors, intrusion sets and campaigns.

04:36

Some groups have multiple names associated with similar activities due to various organizations, track and similar activities by different names.

04:46

The information provided does not represent all possible techniques that are used by the groups, but rather a subset that is available through open source reporting. For the time being, there are 91 groups currently. Map it on the platform.

05:01

Let's see how all of this works in practical way. The graphic shown in this light compares techniques used by 83 a PT 29 including the takings from the software tails.

05:15

A Pity three is a China based threat group that the researchers have attributed to China's Ministry off state security.

05:23

A pretty 29 is a threat group that has been attributed to Russian government and has operated since at least 2008. The techniques used on Lee by 83 are highlighted in blue

05:36

and the ones that are only used by a PT 29 are highlighted in yellow, and the ones that are used by both 83 a PT 29 are color coded in green.

05:51

If 83 a PT 29 were two groups that an organization considered to be high threats, the techniques in green maybe the highest priority to determine how to mitigate on detect

06:05

next as the funders you can populate an attack metrics with what techniques you can detect.

06:12

You can overlay that on the metrics showing what are the techniques used by adversaries. And in this example, we used the red color tow the note. Those techniques that both groups 83 a PT 29 are using and the company cannot detect.

06:30

The techniques in red would likely be the highest priority to focus on

06:35

by the company.

06:36

This is all for this lesson. We've seen miter attack metrics. I was it used for cyber threat intelligence. We've seen the benefits off attack framework. We discovered another framework which is mightier threat. The group tracker. We've seen an example howto work with matter threat, roof tracker and in summary,

06:57

might your attack includes a raft of tools and resources to compliment any security strategy.

07:02

This framework provides companies with threat intelligence and give them an idea off how prepared they are to detect and respond to in Children's. In this way, they are able to mean their cyber security needs and can be ready wherever bet actors strike.