MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on real-world observations.
Version ten comes with new Data Source objects, new and changed techniques in its various matrices, key changes to facilitate hunting in ICS environments, and more.
MITRE ATT&CK v10
The most prominent change in this newest version of the framework is new objects with aggregated information about data sources.
āThe data source object features the name of the data source as well as key details and metadata, including an ID, a definition, where it can be collected (collection layer), what platform(s) it can be found on, and the data components highlighting relevant values/properties that comprise the data source,ā MITRE ATT&CK Content Lead Amy L. Robertson and cybersecurity engineers Alexia Crumpton and Chris AnteĀ explained.
āThese data sources are available for all platforms of Enterprise ATT&CK, including our newest additions that cover OSINT-related data sources mapped toĀ PRE platform techniques.ā
Changes inĀ ATT&CK for ICSĀ and theĀ Mobile matricesĀ are focused on providing all the features currently provided in the Enterprise matrices.
āv10 also includes cross-domain mappings of Enterprise techniques to software that were previously only represented in the ICS Matrix, including Stuxnet, Industroyer, and several others. The fact that adversaries donāt respect theoretical boundaries is something weāve consistently emphasized, and we think itās crucial to feature Enterprise-centric mappings for more comprehensive coverage of all the behaviors exhibited by the software,ā they added.
The complete release notes for MITRE ATT&CK v10 can be foundĀ here.
