August 15, 2019

One thing you can be sure of is that cybercriminals always up their game.

Here’s a great example of this. Malware used to be something that could be caught using what was known as ‘signatures’. That is, specific code within the virus that could be used to identify it. Back in those days, catching a virus was much easier.

Now, we have something called a ‘polymorphic’ attack, which translates to the software being able to change depending on the environment it ends up in. This makes it much harder to detect and prevent. Polymorphic attacks are only one of many that have become super good at evading detection.

As cyber-attacks become more complex, we must use networks of intelligence that the ‘good guys’ build. One such intelligence gathering exercise has been done by Mitre. Here we look at what this is and how we can use it to up our own game in preventing cyber-attacks.


What is Mitre ATT&CK


There are so many types of cyber-threats, techniques, and mechanisms, that it can be really hard to keep track of them. Fortunately, some of us quite enjoy working out what cybercriminals are up to and then documenting the threats. One company doing stellar work in this area is Mitre.

Mitre is a U.S. based company who works closely with the federal government. Through their ongoing work within cybersecurity, Mitre has put together an online repository of cybersecurity attack methods and techniques. They have called this matrix of information, Mitre ATT&CK. The ATT&CK is an acronym for “adversarial tactics, techniques, and common knowledge”. The information in the ATT&CK matrix is a continually updated collection of data from which to understand the various cybersecurity attack methods.

The information collated by Mitre is displayed on web pages as a matrix. It comprises attack methods and stages of delivery, used by cybercriminals, and was originally developed for Mitre’s own internal project use. Using the data in the Mitre ATT&CK matrices you can identify an attack mode and see mitigations to help you detect, prevent, and deter the attack.

What is really useful about the repository is that it is an ongoing record of adversarial behaviour that is accessible to all.

The ATT&CK knowledge base is found using the online portal: https://attack.mitre.org/

The data is conveniently published to a matrix listing all of the known-attack methods. There are three main matrices:

  2. Enterprise:
    1. Linux
    2. MacOS
    3. Windows
  3. Mobile




When you go to any of the matrices you will see a block of attack types across the top and the techniques used to execute an attack listed in columns. For example, if you go to

Enterprise Matrix – Windows/Spear Phishing link

the page will tell you all about what spear phishing is. It will also tell you how to mitigate the attack type:

Mitigation Description
Restrict Web Based Content Determine if certain websites that can be used for spearphishing are necessary for business operations and consider blocking access if activity cannot be monitored well or if it poses a significant risk.
User Training Users can be trained to identify social engineering techniques and spearphishing emails with malicious links.


Source: Mitre ATT&CK


You can also look specifically at Tactics, Techniques, and Mitigations. Each is accessible at the top of the main Mitre ATT&CK page.


How to Use Mitre ATT&CK for Security Awareness?


Mitre ATT&CK is created for many types of use, including:

Adversary emulation: to understand the techniques used by cybercriminals to attack your network.

Assessment of security gaps:to identify any areas in your network that need to be addressed in terms of improving protective mechanisms.

Red teams: a red team acts as an adversary to test out your protective measures against a cyber-attack. The information in ATT&CK can give a red team the necessary intelligence to build a more effective attack simulation.

In terms of security awareness training, under Mitigations, there is a section on user training.


user training


This section shows the various types of cybersecurity attacks that user training can help mitigate. You can use this intelligence to help kick-start or rekindle a security awareness training programme for your organisation:

  1. To give you the know-how when talking with your chosen security awareness training vendor
  2. To evidence the need for security awareness training to your C-Level
  3. For your own personal cybersecurity awareness


– Watch our hilarious security awareness training –

How Does Understanding Cyber Security Attack Methods Help Business?


The UK Government “Cyber Security Breaches Survey 2019” found that 32% of UK companies have experienced a cyber-attack in the previous 12-months. Of those, 80% were victims of phishing campaigns. However, there is a positive note from the survey. The figure of 32% is down on the previous report in 2018. Back then, 43% of UK companies were victims of a cyber-attack. The report discusses why this figure has decreased and comes up with this as an explanation:

One plausible explanation for fewer businesses identifying breaches is if they are generally becoming more cyber secure. The survey shows that businesses have increased their planning and defences against cyber attacks since 2018.”

Having an understanding of the types of cybersecurity attacks that are common, is vital in an age where cybersecurity attacks are a daily occurrence. We can no longer sit on our laurels and hope that anti-virus software or firewalls will protect our company from cyber-attacks. The Mitre ATT&CK information gives us the weapons to be offensive, now that defensive techniques are failing. Knowledge is king and queen in an age where social engineering reigns.


Ways to Remain Cyber-Security Aware Using Mitre ATT&CK


Mitre ATT&CK is well worth a browse through, and at the very least it can be a great addition to your own personal security awareness training. The mitigation sections can also help you to develop your organisation’s security policy. And, it can be invaluable in evidencing your need for security awareness training when presenting to your management or board for cybersecurity funding support.

Taking it one step further. You can use the data gathered by the Mitre team to prepare your organisation for a security awareness training session; picking out key and current issues that need to be addressed with employees.

Remaining cybersecurity aware is part of an ongoing process of personal and professional development if you are an IT professional. Using sources of intelligence such as the Mitre ATT&CK can help you condense and focus your learning.

Want to learn more about empowering employees with security awareness training? Sign up for a free demo and find out how we’re already helping organisations just like yours.

Share this: