MITRE ATT&CK Update Includes Wi-Fi Discovery, Defense Evasion and Masquerading Tactics
November 2023 by Marc Jacob
This morning, CardinalOps announced their contribution to MITRE ATT&CK v14, the industry-standard framework for understanding cyber adversary playbooks and behavior.
The CardinalOps architects' contributions are among the greatly expanded set of techniques in v14, which also ships with a new "easy button" and an added source of analytics: BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting).
These are a subset of CAR (Cyber Analytics Repository) analytics that enable defenders to detect and analyze network traffic for signs of ATT&CK-based adversary behavior.
Threat detection experts at CardinalOps contributed updates to the following areas of v14:
Wi-Fi Discovery - Enumerating Wi-Fi networks from a compromised host to gather information. By targeting the local Wi-Fi networks a device can see, or networks to which it has recently been connected, adversaries can access sensitive information such as network passwords and other personal data.
Data Destruction - Disrupting the availability of systems, services, and network resources through the destruction of data and files in large numbers or on specific devices.
Masquerading - Evading defenses and observation by matching or closely imitating names and locations of legitimate resources and files.