All About PowerShell Attacks: The No. 1 ATT&CK Technique


How do cyber pros prioritize their security efforts? A good place to start is knowing exactly what tactics, techniques and procedures (TTPs) threat actors use. A recently published report used aggregated data to identify the most common attack techniques as defined by the MITRE ATT&CK framework.


The study revealed that PowerShell Command & Scripting Interpreter was the number one attack technique used by threat actors. PowerShell is a command-line shell and scripting language that is widely used by system administrators and security professionals to automate tasks and manage systems. But threat actors can also use PowerShell to carry out malicious activities on compromised systems.


Top Attack Techniques


The report provides a strong representation of adversary activity from authoritative sources. It assembled data from M-Trends, Red Canary’s Threat Detection Report, CTID ATT&CK Sightings Ecosystem and CISA alerts ranging from 2020 to 2022.


At the top of the list of techniques was PowerShell. As per the report, adversaries that breach a system are likely to start up the PowerShell command line utility 28.49% of the time. Using this technique, actors can move laterally throughout a network and gain persistence on the compromised machine. Obfuscating files and exploiting public-facing applications were second and third on the list of top techniques used by attackers.


Palo Alto Networks Unit 42 recently reported that the ransomware gang Vi ..
