lecture recording on 24 February 2025 at 12.48.28 PM

Overview of MITRE and the Manhattan Project

• Manhattan Project: Refers to the secret project during World War II that developed the nuclear bomb.

• MITRE: An organization involved in the project, which has since partnered with the US government and allies to set standards and conduct research on cybersecurity vulnerabilities.

Importance of Cybersecurity

• Cybersecurity has been a major issue for the past 30 years.

• There is a need for intelligent individuals in various agencies to think proactively about cybersecurity threats, including potential large-scale cyber attacks.

• Think Tank: MITRE functions as a think tank for cybersecurity, analyzing potential vulnerabilities and threats.

MITRE ATT&CK Framework

• MITRE ATT&CK: Launched in 2010, this is a knowledge base that details the tactics and techniques adversaries use in cyber attacks.

  • Various Versions: Includes matrices for enterprise environments, industrial control systems, artificial intelligence, and mobile devices.

• Website Reference: Users can find extensive resources at attack.MITRE.org.

Key Components of MITRE ATT&CK

• Tactics: Objectives an attacker aims to achieve, such as reconnaissance and lateral movement.

• Techniques: Methods attackers employ to reach their objectives, offering multiple approaches for each tactic.

• Sub-techniques: More specific methods under each technique that illustrate different ways attackers achieve their goals.

Attack Lifecycle

• Phases of Attack:

  • Reconnaissance: Gathering information.

  • Initial Access: Breaking in.

  • Execution: Implementing the attack.

  • Persistence: Staying hidden within the system.

  • Privilege Escalation: Gaining higher access levels.

  • Defense Evasion: Avoiding detection by security tools.

  • Discovery: Understanding the environment's configuration.

  • Lateral Movement: Navigating within the network.

  • Data Exfiltration: Stealing sensitive data.

  • Impact: The outcome of the attack, such as loss or ransom of data.

Applications of MITRE ATT&CK

• Useful for penetration testers and ethical hackers.

• Helps organizations to simulate attacks and understand attacker behaviors.

MITRE Defend Framework

• Purpose: Developed as a complementary framework to MITRE ATT&CK, focusing on defense strategies against cyber threats.

• Core Concepts: Includes hardening systems, detecting threats, isolation, evicting attackers, cleaning infected systems, and restoring operations.

  • Users can find it at defend.MITRE.org.

• Focus on Artifacts: Emphasizes the importance of digital artifacts and logging for forensic analysis.

Other MITRE Resources

• MITRE ATLAS: A new framework that focuses on AI vulnerabilities and threats, similar to the existing ATT&CK frameworks but tailored for AI.

• MITRE Kpeck: Addresses application vulnerabilities, aligning with OWASP standards and identifying common threats in applications.

• MITRE CWE: Common Weakness Enumeration, which catalogs vulnerabilities, including a top 25 list that highlights the most critical weaknesses.

Conclusion and Reflection

• MITRE provides a set of frameworks and tools that are essential for understanding and combating cyber threats.

• Continuous development and sharing of knowledge in cybersecurity are vital for keeping systems secure from constantly evolving threats.