CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile 

MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile.

MITRE ATT&CK v14

MITRE on Tuesday announced the release of version 14 of ATT&CK, the widely used knowledge base of adversary tactics and techniques. ATT&CK v14 brings improvements related to detections, industrial control systems (ICS), and mobile.

ATT&CK v14 covers a total of 760 pieces of software, 143 activity clusters (groups), and 24 campaigns across enterprise, mobile and ICS. 

The latest version of ATT&CK brings a significant expansion of detection notes and analytics, as well as enhanced relationships between detections, data sources and mitigations. 

“This release includes updated technique alignments to data sources and mitigations, better reflecting the most effective defensive measures for the impacted techniques,” explained MITRE’s Amy Robertson. 

In the ‘enterprise’ category, ATT&CK has been expanded to incorporate social engineering techniques and deceptive practices that might not have a direct technical component, such as impersonation, financial theft, and voice phishing. 

As for ICS, version 14 adds over a dozen assets that represent the primary functional components of ICS environments, such as application server, control server, data gateway, historian, field device, human-machine interface (HMI), programmable logic controller (PLC), remote terminal unit (RTU), safety controller, and workstation.

“These Asset pages include in-depth definitions, meticulous mappings to techniques, and a list of related Assets. Our primary goals for Assets are to provide a common language for inter-sector communication, and to empower underrepresented sectors to leverage ATT&CK mappings, fostering meaningful communication about risks and threats,” Robertson said.

MITRE has also expanded the coverage of the ‘mobile’ category to include various types of phishing (smishing, quishing and vishing), and introduced structured detections. 

Advertisement. Scroll to continue reading.

The navigation bar of the ATT&CK website has also been tweaked to feature a single dynamic menu that provides access to secondary links through dropdown menus.  

MITRE has published a blog post detailing some of the major updates in ATT&CK v14, as well as release notes listing new techniques and version changes. A detailed changelog is also available. 

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation

Related: MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

Related: New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems

Related: Three Ways to Improve Defense Readiness Using MITRE D3FEND

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.