MITRE on Tuesday announced the release of version 14 of ATT&CK, the widely used knowledge base of adversary tactics and techniques. ATT&CK v14 brings improvements related to detections, industrial control systems (ICS), and mobile.
ATT&CK v14 covers a total of 760 pieces of software, 143 activity clusters (groups), and 24 campaigns across enterprise, mobile and ICS.
The latest version of ATT&CK brings a significant expansion of detection notes and analytics, as well as enhanced relationships between detections, data sources and mitigations.
“This release includes updated technique alignments to data sources and mitigations, better reflecting the most effective defensive measures for the impacted techniques,” explained MITRE’s Amy Robertson.
In the ‘enterprise’ category, ATT&CK has been expanded to incorporate social engineering techniques and deceptive practices that might not have a direct technical component, such as impersonation, financial theft, and voice phishing.
As for ICS, version 14 adds over a dozen assets that represent the primary functional components of ICS environments, such as application server, control server, data gateway, historian, field device, human-machine interface (HMI), programmable logic controller (PLC), remote terminal unit (RTU), safety controller, and workstation.
“These Asset pages include in-depth definitions, meticulous mappings to techniques, and a list of related Assets. Our primary goals for Assets are to provide a common language for inter-sector communication, and to empower underrepresented sectors to leverage ATT&CK mappings, fostering meaningful communication about risks and threats,” Robertson said.
MITRE has also expanded the coverage of the ‘mobile’ category to include various types of phishing (smishing, quishing and vishing), and introduced structured detections.
The navigation bar of the ATT&CK website has also been tweaked to feature a single dynamic menu that provides access to secondary links through dropdown menus.