Discovery and defense evasion were the predominant attacker tactics observed in 2019, a team of researchers report in a new ranking of common MITRE ATT&CK tactics used in the past year.
In 2019, Recorded Future's Insikt Group began to integrate data on attack tactics, techniques, and procedures (TTPs) based on the MITRE ATT&CK framework into its data collection and analysis. Researchers reviewed the identifiers across sandbox submissions throughout the year and compiled a list of the most frequently referenced tactics and techniques. Defense evasion dominated tactics, and security software discovery is the most popular technique for doing it.
"There were really three main takeaways we saw based on this data," says David Carver, manager and analyst for on-demand services at Recorded Future. "Either we're looking at criminals becoming more interested in the defense perspective, or security tools are getting better, or both. We don't have evidence to lead one way or the other, but I suspect it's both."
Through defense evasion, attackers bypass detection by obfuscating malicious scripts, hiding in trusted processes, and disabling security software, among other tricks. Discovery, the next most-common tactic, involves learning and understanding a target network or host. Techniques related to discovery and defense evasion made up seven out of the top 10 most common; their prominence was consistent across all months throughout the year, researchers report.
Discovery "is one of those baselines that's required for any kind of successful malware operation," as it allows an attacker to understand whether the system has everything needed to succeed. "It's knowing not just your target but what I can do once I'm on a target," Carver adds. This is e ..
Support the originator by clicking the read the rest link below.
