Most Common MITRE ATT&CK Techniques

In today's ever-evolving cybersecurity landscape, understanding the tactics and techniques employed by adversaries is crucial for effective defense. The MITRE ATT&CK framework has emerged as a comprehensive knowledge base, cataloging the various methods used by threat actors during cyber attacks.

This blog series will delve into the most prevalent techniques observed across various incidents and attack groups, shedding light on the modus operandi of cybercriminals. By gaining insights into these common tactics, security professionals can enhance their defensive posture and better prepare for potential threats.

The MITRE ATT&CK framework organizes adversary behavior into a matrix of tactics and techniques, covering the entire attack lifecycle, from initial access to exfiltration. While the framework encompasses a vast array of techniques, certain methods have gained notoriety due to their widespread adoption by attackers.

In this series, we will explore the following techniques that have become commonplace in the world of cyber attacks:

  1. Initial Access:
    1. Phishing (T1566)
    2. Exploiting Public-Facing Applications (T1190)
    3. Trusted Relationship (T1199)
  2. Execution:
    1. PowerShell (T1059.001)
    2. Windows Command Shell (T1059.003)
    3. Script Interpreter (T1059)
  3. Persistence:
    1. Valid Accounts (T1078)
    2. Server Software Component (T1505)
    3. Scheduled Task/Job (T1053)
  4. Privilege Escalation:
    1. Exploitation for Privilege Escalation (T1068)
    2. Process Injection (T1055)
    3. Bypass User Account Control (T1548)
  5. Defense Evasion:
    1. Masquerading (T1036)
    2. Obfuscated Files or Information (T1027)
    3. Disabling Security Tools (T1089)
  6. Credential Access:
    1. OS Credential Dumping (T1003)
    2. Brute Force (T1110)
    3. Unsecured Credentials (T1552)
  7. Discovery:
    1. Account Discovery (T1087)
    2. System Information Discovery (T1082)
    3. Network Share Discovery (T1135)
  8. Lateral Movement:
    1. Remote Services (T1021)
    2. Windows Admin Shares (T1077)
    3. Exploitation of Remote Services (T1210)
  9. Collection:
    1. Data from Local System (T1005)
    2. Data from Network Shared Drive (T1039)
    3. Email Collection (T1114)
  10. Exfiltration:
    1. Exfiltration Over C2 Channel (T1041)
    2. Exfiltration Over Alternative Protocol (T1048)
    3. Automated Exfiltration (T1020)

By understanding these common techniques, organizations can implement effective countermeasures, enhance their security posture, and stay ahead of potential threats. Join us as we dive deep into each category, dissecting the tactics and providing actionable insights for defending against these pervasive cyber attack methods.

Stay tuned for the upcoming blog posts, where we will explore each technique in detail, empowering you with the knowledge to fortify your defenses and protect your organization from cyber threats.