One Article Review

Home - The article:
Source RiskIQ
Identifier 8604310
Publication date 2024-10-31 17:18:14 (viewed: 2024-10-31 18:07:19)
Title Quarterly cyber threat report: MITRE ATT&CK framework trends in OSINT (July to September 2024)
Text

## Snapshot

This report presents an analysis of recent trends in cyber threats based on 242 articles published by threat researchers across the security community between July and September 2024 (Q3). These articles are curated by Microsoft Threat Intelligence from over one hundred trusted sources and are included in Microsoft Defender Threat Intelligence as open-source intelligence (OSINT) articles. The analysis focuses on over 2,000 MITRE ATT&CK framework tags correlated to the content in each article. By distilling insights from these tags and the related intelligence, we can highlight prevalent tactics, techniques, and procedures (TTPs) observed in the cyber security landscape over the past quarter.

This dataset is not exhaustive but represents a curated set of the most high-profile cyber threat intelligence reporting from across the security community. When prioritizing cyber security efforts, it's essential to understand the trending TTPs observed in the wild. This knowledge helps defenders make informed decisions about the most effective strategies to implement, especially where to focus engineering efforts and finite resources.

## Activity Overview

- **Initial Access**: Phishing remains the most prevalent initial attack vector, featuring in approximately 40% of OSINT reports from Q3. Phishing continues to dominate as an initial access technique, underscoring its perennial effectiveness and emphasizing the ongoing need for comprehensive user education programs and enhanced email security solutions.
- **Execution**: As we reflect on the prominence of phishing, User Execution also remains the most common method of launching attacks, with users often enticed to click on malicious files or links. A notable runner-up was [Command and Scripting Interpreter/PowerShell](https://attack.mitre.org/techniques/T1059/001/), which was the preceding quarter's top execution technique.
- **Persistence**: [Boot or Logon Autostart Execution](https://attack.mitre.org/techniques/T1547/001/), particularly through Registry Run Keys and Startup Folder manipulation, is the most cited persistence technique. This method demonstrates attackers' continued focus on maintaining persistence across system restarts by embedding themselves in critical system components. As these techniques are frequently used to bypass detection, strengthening endpoint detection and response capabilities around startup processes is essential.
- **Command and Control**: [Application Layer Protocols/Web Protocols](https://attack.mitre.org/techniques/T1071/001/) is the most reported command and control (C2) method, reflecting adversaries' use of legitimate web protocols to mask malicious C2 traffic. Attackers frequently leverage common protocols like HTTP/HTTPS to blend in with normal network traffic, highlighting the need for advanced network traffic analysis.
- **Impact**: Ransomware, specifically [Data Encrypted for Impact](https://attack.mitre.org/techniques/T1486/), remains the most frequently reported impact technique. This reaffirms ransomware's role as a dominant threat, particularly due to its financial and operational implications. The consistent mention of encryption underscores the importance of data backup strategies and swift incident response capabilities.
- **Defense Evasion**: [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027/005/) is the most frequently used technique to evade detection, maintaining its top place from previous quarters. Techniques such as [Deobfuscate/Decode Files or Information](https://attack.mitre.org/techniques/T1140/) and [Indicator Removal/File Deletion](https://attack.mitre.org/techniques/T1070/004/) followed closely, each being cited in roughly 10% of the reports.

The use of these techniques highlights the adaptive strategies attackers use to bypass detection, making the development of robust detection tools and behavior-based analysis critical for defense. Read the previous quarter's report, [MITRE ATT&CK framework trends in OSINT (April 2024 - Jun
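As an added illustration of the tag-prevalence methodology the snapshot describes (this is not code from the report or from Microsoft), the following Python computes the share of reports citing each ATT&CK technique, counted once per article, and the most-cited technique per tactic, with an optional roll-up of sub-techniques to their parent. The article records and tactic names are constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed sample input: one record per OSINT article, with the ATT&CK
# (technique id, tactic) tags correlated to it. Illustrative only, not the
# report's dataset.
ARTICLES = [
    {"id": "a1", "tags": [("T1566.001", "initial-access"), ("T1204.002", "execution"),
                          ("T1547.001", "persistence"), ("T1486", "impact")]},
    {"id": "a2", "tags": [("T1566.002", "initial-access"), ("T1059.001", "execution"),
                          ("T1071.001", "command-and-control"),
                          ("T1027.005", "defense-evasion"),
                          ("T1027.005", "defense-evasion")]},  # same tag twice in one article
    {"id": "a3", "tags": [("T1190", "initial-access"), ("T1547.001", "persistence"),
                          ("T1140", "defense-evasion")]},
    {"id": "a4", "tags": [("T1566.001", "initial-access"), ("T1204.002", "execution"),
                          ("T1070.004", "defense-evasion"), ("T1486", "impact")]},
    {"id": "a5", "tags": [("T1078", "initial-access"), ("T1071.001", "command-and-control")]},
]

def parent_technique(tid):
    """Roll a sub-technique id such as T1059.001 up to its parent T1059."""
    return tid.split(".")[0]

def report_share(articles, rollup=False):
    """Map each technique to the fraction of articles citing it at least once.

    A technique tagged several times in one article counts once, so the result
    is a share of reports (the figure the snapshot quotes), not a share of tags.
    With rollup=True, sub-techniques are aggregated under their parent."""
    hits = Counter()
    for art in articles:
        seen = {parent_technique(t) if rollup else t for t, _ in art["tags"]}
        hits.update(seen)
    return {t: c / len(articles) for t, c in hits.items()}

def top_by_tactic(articles):
    """Map each tactic to (most-cited technique, share of reports citing it)."""
    per_tactic = defaultdict(Counter)
    for art in articles:
        for t, tac in {(t, tac) for t, tac in art["tags"]}:  # dedupe within an article
            per_tactic[tac][t] += 1
    n = len(articles)
    return {tac: (c.most_common(1)[0][0], c.most_common(1)[0][1] / n)
            for tac, c in per_tactic.items()}

if __name__ == "__main__":
    for tac, (t, share) in sorted(top_by_tactic(ARTICLES).items()):
        print(f"{tac:20s} {t:10s} {share:.0%} of reports")
```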
Notes ★★★
Sent Yes
Tags Ransomware Spam Malware Tool Vulnerability Threat Prediction Cloud Technical
The article does not seem to have been picked up after its publication.

The article does not seem to have been taken from a previous one.