How ATT&CK® Grows and Evolves

Time
58 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
Welcome to the eighth and final lesson of module one: How ATT&CK Grows and Evolves.
00:07
In this lesson, we will explore how and why ATT&CK changes over time,
00:11
recognize how to track and monitor these changes,
00:14
and finally identify how to access previous versions of ATT&CK.
00:20
Adversaries, malware, and their behaviors evolve every day,
00:24
and to keep up with this, ATT&CK is very much a living framework.
00:28
Techniques, groups, software, and the various objects within ATT&CK were all designed to evolve and grow over time
00:34
as a need to add, deprecate, or even enhance content is very much needed.
00:40
The MITRE ATT&CK team has continuous processes for vetting and modifying ATT&CK content,
00:45
including keeping up with publicly available cyber threat intelligence and making appropriate changes to techniques and sub-techniques, as well as their mappings to groups and software.
00:57
To highlight this growth, let's take a look at one of the first matrices produced by the ATT&CK team.
01:02
This is the enterprise matrix from around 2014.
01:06
As you can see, this matrix only has eight tactics and around 60 techniques.
01:11
Compare that to the most recent version of ATT&CK, version eight.
01:15
The Enterprise Matrix has 14 tactics and over 500 combined techniques and sub-techniques.
01:23
This may seem like a lot of growth, but think about how many hash values, IP addresses,
01:26
and domain names and other artifacts have been produced by adversaries since 2014.
01:36
ATT&CK is typically updated twice a year,
01:38
and there are various ways you can track these changes,
01:42
the first of which is updates and modifications to the STIX content hosted in the MITRE CTI GitHub repository.
01:49
The STIX content is what populates the ATT&CK website,
01:53
but you can also see these changes via the update logs hosted on the site, which will include descriptions and notes for each release.
02:06
While ATT&CK continues to grow and evolve over time, there may come a need to access previous versions of ATT&CK.
02:14
Versions dating back to version three
02:16
are still hosted on the website.
02:23
While the ATT&CK team does a lot of work to grow and evolve ATT&CK, we really do depend on the community to keep ATT&CK growing.
02:30
Contribution guidance as well as examples is available on the site,
02:35
and definitely feel free to reach out to attack@mitre.org for any ideas or intelligence that can be used to grow and enhance the model.
02:45
And with that,
02:46
we reached the end of lesson eight.
02:49
In our knowledge check,
02:51
complete the following sentence:
02:52
ATT&CK is...
02:53
Please pause the video and take a second to select the correct answer before proceeding.
03:01
As much as I would love to say ATT&CK is perfect, the correct answer is C:
03:06
ATT&CK is constantly evolving over time. Anyone can submit a contribution.
03:13
In summary, ATT&CK grows to keep up with the evolution of threats and adversaries,
03:17
and these changes can be monitored via updates to the STIX
03:21
or updates
03:23
tracked in our logs on the site
03:27
and finally,
03:28
previous versions of ATT&CK are still hosted on our site going back to version three.
03:35
And with that, we've reached the end of module one.
03:37
In summary,
03:38
ATT&CK was created based on the need
03:40
to understand and adapt to our adversaries
03:45
and captures the TTPs of real-world adversary behaviors
03:47
and maps these TTPs
03:50
to groups and software which execute these behaviors.
03:55
I definitely recommend visiting our site, attack.mitre.org, to get a hands-on feel for ATT&CK and all the information captured.
04:04
But for more great information, check out our design philosophy paper as well as our getting started guide.
MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals Badge Training

This course is the fundamental piece of the MITRE ATT&CK Defender™ (MAD) series where we will explore how a threat-informed mindset can help focus our efforts towards improving and understanding how our defenses actually fare against real-world adversaries.
