Welcome to the eighth and final lesson of Module One: How ATT&CK Grows and Evolves.
In this lesson, we will explore how and why ATT&CK changes over time,
recognize how to track and monitor these changes,
and finally identify how to access previous versions of ATT&CK.
Adversaries, malware, and their behaviors evolve every day,
and to keep up with this, ATT&CK is very much a living framework.
Techniques, groups, software, and the various objects within ATT&CK were all designed to evolve and grow over time,
as a need to add, deprecate, or even enhance content is very much needed.
The MITRE ATT&CK team has continuous processes for vetting and modifying ATT&CK content,
including keeping up with publicly available cyber threat intelligence and making appropriate changes to techniques and sub-techniques, as well as their mappings to groups and software.
To highlight this growth, let's take a look at one of the first matrices produced by the ATT&CK team.
This is the enterprise matrix from around 2014.
As you can see, this matrix only has eight tactics and around 60 techniques.
Compare that to the most recent version of ATT&CK, version eight.
The Enterprise matrix has 14 tactics and over 500 combined techniques and sub-techniques.
This may seem like a lot of growth, but think about how many hash values, IP addresses,
and domain names and other artifacts have been produced by adversaries since 2014.
ATT&CK is typically updated twice a year,
and there are various ways you can track these changes,
the first of which is updates and modifications to the STIX content hosted in the MITRE CTI GitHub repository.
The STIX content is what populates the ATT&CK website,
but you can also see these changes via the update logs hosted on the site, which will include descriptions and notes for each release.
While ATT&CK continues to grow and evolve over time, there may come a need to access previous versions of ATT&CK.
Versions dating back to version three
are still hosted on the website.
While the ATT&CK team does a lot of work to grow and evolve ATT&CK, we really do depend on the community to keep ATT&CK growing.
Contribution guidance as well as examples is available on the site,
and definitely feel free to reach out to attack@mitre.org for any ideas or intelligence that can be used to grow and enhance the model.
And with that,
we've reached the end of lesson eight.
In our knowledge check,
complete the following sentence.
Please pause the video and take a second to select the correct answer before proceeding.
As much as I would love to say ATT&CK is perfect, the correct answer is C:
ATT&CK is constantly evolving over time. Anyone can submit a contribution.
In summary, ATT&CK grows to keep up with the evolution of threats and adversaries,
and these changes can be monitored via the updates to the STIX content
or tracked in our logs on the site.
Previous versions of ATT&CK are still hosted on our site, going back to version three.
And with that, we've reached the end of Module One.
ATT&CK was created based on the need
to understand and adapt to our adversaries
and captures the TTPs of real-world adversary behaviors
and maps these TTPs
to groups and software which execute these behaviors.
I definitely recommend visiting our site, attack.mitre.org, to get a hands-on feel for ATT&CK and all the information captured.
But for more great information, check out our design philosophy paper as well as our getting started guide.