In 2013, MITRE created the ATT&CK framework with an initial publication of 64 Windows techniques. Since then, ATT&CK has evolved to include well over 250 techniques and a comprehensive knowledge base of attacker tactics and techniques, actor groups, and software.
ATT&CK is useful for understanding both malicious actors and their techniques, which help in red-teaming, identifying defensive gaps, assessing SOC maturity, and enriching threat intel. Until recently, the operating system/device platforms of the content reflected the historical install base for malware threats (Windows, Mac, Linux, iOS, Android), but did not reflect widespread cloud adoption.
We are excited to share that on October 24th, MITRE published the initial set of cloud attack techniques. Netskope Threat Research is proud to be one of the community of contributors to this effort, specifically contributing the following techniques:
Over the coming months, Netskope Threat Research will be working diligently to share more detailed prescriptive guidance with users on how best to understand, detect, mitigate, and prevent cloud threats. We believe that MITRE ATT&CK is an organized framework that can help all of us more systematically analyze threats of all kinds and focus on the efficacy of various defensive approaches across different security operations. We’re looking forward to diving deeper into specific cloud techniques, how we should think about them differently, and how we can build more effective defensive controls. Stay tuned to our blog in the coming weeks as we explore multiple cloud techniques in detail.