The MITRE ATT&CK Framework: Initial Access

Although ATT&CK is not laid out in any linear order, Initial Access is the point at which an attacker gains a foothold in your environment. This tactic is a nice transition point from PRE-ATT&CK to ATT&CK for Enterprise. What sets the techniques within Initial Access apart is that they are more high-level than some of the other techniques: an attacker will use another technique to carry out an Initial Access technique.
For example, let’s assume an attacker uses a Spearphishing Attachment. The attachment itself will contain some type of exploit to achieve that level of access, maybe PowerShell or another Scripting technique. If the execution is successful, it allows the attacker to pivot into other tactics and techniques to achieve their ultimate goal.
Anyone who has been in security for any amount of time will recognize most, if not all, of these techniques. They are the ones discussed most often in news reports and in the Verizon Data Breach Investigations Reports. Fortunately, because they are so well known, there are many technologies and processes available to both mitigate and detect abuse of each technique.
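One way to detect the Spearphishing Attachment example above is to look for a script host that descends from a document-handling application. The sketch below is an added example, not code from the article; the process-name lists, the event field names and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumed process names (not from the article); tune to the software you deploy.
DOCUMENT_HANDLERS = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def image_name(path):
    return ntpath.basename(path).lower()  # handles Windows separators


def find_attachment_execution(events):
    """Flag script hosts that descend from a document-handling application.

    `events`: time-ordered process-creation dicts (host, pid, ppid, image).
    PID reuse is ignored to keep the example short.
    """
    procs = {}   # (host, pid) -> event, filled as records arrive
    alerts = []
    for ev in events:
        key = (ev["host"], ev["pid"])
        procs[key] = ev
        if image_name(ev["image"]) not in SCRIPT_HOSTS:
            continue
        chain, seen = [image_name(ev["image"])], {key}
        parent_key = (ev["host"], ev["ppid"])
        # Walk the ancestry so winword -> cmd -> powershell is still caught.
        while parent_key in procs and parent_key not in seen:
            seen.add(parent_key)
            parent = procs[parent_key]
            chain.append(image_name(parent["image"]))
            if chain[-1] in DOCUMENT_HANDLERS:
                alerts.append({"host": ev["host"], "pid": ev["pid"],
                               "chain": chain[::-1]})
                break
            parent_key = (parent["host"], parent["ppid"])
    return alerts


# Constructed records: ws01 opens an attachment, ws02 is an interactive shell.
SAMPLE_EVENTS = [
    {"host": "ws01", "pid": 200, "ppid": 100, "image": r"C:\Office\OUTLOOK.EXE"},
    {"host": "ws01", "pid": 300, "ppid": 200, "image": r"C:\Office\WINWORD.EXE"},
    {"host": "ws01", "pid": 400, "ppid": 300, "image": r"C:\Windows\cmd.exe"},
    {"host": "ws01", "pid": 500, "ppid": 400, "image": r"C:\Windows\powershell.exe"},
    {"host": "ws02", "pid": 300, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"host": "ws02", "pid": 610, "ppid": 300, "image": r"C:\Windows\powershell.exe"},
]
```

Calling `find_attachment_execution(SAMPLE_EVENTS)` returns two alerts for ws01 and none for ws02, because process IDs are scoped per host and the ws02 shell was started from explorer.exe.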
While the ..
