The MITRE ATT&CK Framework has generated buzz across the industry lately, for good reason.
The knowledge base, a living, breathing breakdown of adversary TTPs and behaviors, outlines in great
detail each phase of a cyber attack and the best methods for detecting and mitigating each technique.
The framework can greatly help threat hunters looking to speed up their hunting cycle.
While attackers may not necessarily leave the endpoint with data in these types of attacks, organizations
would benefit from using endpoint detection and response tools to gain better visibility into behaviors and
data movement. Organizations can also use file integrity monitoring solutions to identify and track
real-time changes to files, folders, and other settings. Logging activity can also help but it’s not a silver bullet.
IT teams need to develop internal controls to audit this information and ensure they constantly have eyes
on the glass, triaging logs generated by their environment.
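As an added illustration of the file integrity monitoring idea described above (this is example code written for this page, not code from the article, from Digital Guardian, or from any product), the following Python script builds a baseline of file hashes for a directory, then re-walks the directory and reports files that were added, removed, or modified. The directory contents and the "tampering" are constructed inside a temporary directory so the script runs offline; the file names (`ledger.csv`, `config.ini`, `notes.txt`) are assumptions for the demonstration.

```python
"""Minimal file-integrity baseline/compare (added example, not the article's code).

Detection of data manipulation relies on content hashes plus size and mode, not on
modification timestamps, because timestamps are trivially reset by whoever edited the file.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Walk root and record sha256, size and permission bits for every regular file."""
    baseline = {}
    root_path = Path(root)
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # skip symlinks/devices; only regular file content is baselined
            st = p.stat()
            rel = str(p.relative_to(root_path))
            baseline[rel] = {
                "sha256": _sha256(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o777,
            }
    return baseline


def save_baseline(baseline: dict, path: str) -> None:
    """Persist the baseline; in practice store it somewhere the monitored host cannot write."""
    with open(path, "w", encoding="utf-8") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path: str) -> dict:
    with open(path, "r", encoding="utf-8") as f:
        return json.load(f)


def compare(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added, removed and modified relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current) if baseline[p] != current[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a temp directory, tamper with it, then diff.

    The edit to ledger.csv changes a value but keeps the line count, the kind of quiet
    manipulation the article warns about; the hash still catches it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ledger.csv").write_text("acct,balance\n1001,500\n")
        (root / "config.ini").write_text("[audit]\nenabled=1\n")
        baseline_file = os.path.join(tmp, "baseline.json")
        save_baseline(build_baseline(tmp), baseline_file)
        baseline = load_baseline(baseline_file)
        os.remove(baseline_file)  # keep the stored baseline out of the monitored tree

        # Simulated manipulation: record altered, audit setting removed, unexpected file dropped in.
        (root / "ledger.csv").write_text("acct,balance\n1001,50000\n")
        os.remove(root / "config.ini")
        (root / "notes.txt").write_text("x")
        return compare(baseline, build_baseline(tmp))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the baseline is taken from a known-good state, stored off the monitored host, and the comparison is run on a schedule or from an EDR/FIM agent that raises an alert for each entry in `modified`, `removed` or `added`; each alert is then triaged against change records so legitimate updates can be re-baselined and unexplained changes investigated.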
Data manipulation attacks can have disastrous consequences and cause significant disruption to a
business, country, or even the world in some circumstances. Being prepared is the first step to potentially
limiting or preventing the impact of these attacks.
About the author
Tim Bandos is Vice President of Cybersecurity at Digital Guardian. He has
over 15 years of experience in the cybersecurity realm with a heavy focus on
Internal Controls, Incident Response & Threat Intelligence.