
Flight's Delayed == Bonus Content!


    Technically canceled, but I'll still make it for the demo! In the meantime, check out another great application for Control Validation Compass with this summary of the TTPs associated with the malicious software covered in CISA's recent "top malware" advisory. This draws on a repo of ATT&CK TTP heatmap files I built based on the report (and a handful of open source CTI reports). The Control Validation Compass Risk page has a purpose-built feature that makes it extremely easy to take data formatted as ATT&CK Navigator json files and instantly output all the control policy guidance, detection rules, and red team test scripts relevant to just those CTI-based techniques.

    Modify Registry (T1112), Ingress Tool Transfer (T1155), and Obfuscated Files or Information were the techniques most commonly observed across the different malware, associated with 9 / 11 malware. PowerShell, Windows Command Shell, and Modify Registry were the techniques with the highest volume of detection rules. System Information Discovery, Ingress Tool Transfer, and Scheduled Task had the most red team unit test scripts. We can also flip this approach on its head and look at the techniques with the lowest volume of out-of-the-box detections & tests, which is helpful for identification of potential security gaps that could be filled with custom rules or tests. Symmetric Cryptography, Reflective Code Loading, Standard Encoding, Office Template Macros, and Browser Session Hijacking were the techniques with the lowest combined volume of detections + tests. Read the full summary and quick analysis below (more to come hopefully after DC). (It's a Public article but aiming to get this hosted on the Control Compass site for folks who don't use/aren't fans of LinkedIn.)

    CISA's "Top Malware" Report: Technique Overlap & Operational Resources
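An added example, not part of the original post and not Control Validation Compass code: one way to compute the kind of technique overlap and coverage-gap ranking described above from ATT&CK Navigator layer files. The malware names, technique sets and coverage counts are constructed, and treating only enabled entries with a positive score as "observed" is an assumption about how the heatmaps are scored.

```python
import json
from collections import Counter

# Constructed ATT&CK Navigator layers, one per malware family
# (hypothetical names, illustrative technique sets, not the post's data).
LAYERS = [
    {"name": "malware-a", "domain": "enterprise-attack", "techniques": [
        {"techniqueID": "T1112", "tactic": "defense-evasion", "score": 1},
        {"techniqueID": "T1053.005", "tactic": "execution", "score": 1},
        {"techniqueID": "T1053.005", "tactic": "persistence", "score": 1},
        {"techniqueID": "T1027", "tactic": "defense-evasion", "score": 1}]},
    {"name": "malware-b", "domain": "enterprise-attack", "techniques": [
        {"techniqueID": "T1112", "tactic": "defense-evasion", "score": 1},
        {"techniqueID": "T1059.001", "tactic": "execution", "score": 1},
        {"techniqueID": "T1027", "tactic": "defense-evasion", "score": 0}]},
    {"name": "malware-c", "domain": "enterprise-attack", "techniques": [
        {"techniqueID": "T1112", "tactic": "defense-evasion", "score": 1},
        {"techniqueID": "T1620", "tactic": "defense-evasion", "score": 1},
        {"techniqueID": "T1059.001", "score": 1, "enabled": False}]},
]
# Constructed counts of detection rules + test scripts per technique.
COVERAGE = {"T1112": 40, "T1053.005": 25, "T1059.001": 90, "T1027": 12, "T1620": 1}

def load_layers(paths):
    """Read Navigator layer JSON files from disk into dicts."""
    layers = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            layers.append(json.load(fh))
    return layers

def technique_overlap(layers):
    """Count, per technique ID, how many layers (malware families) use it."""
    counts = Counter()
    for layer in layers:
        # A set: Navigator repeats a technique once per tactic it falls under.
        seen = {t["techniqueID"] for t in layer.get("techniques", [])
                if t.get("enabled", True) and (t.get("score") or 0) > 0}
        counts.update(seen)
    return counts

def coverage_gaps(overlap, coverage, limit=3):
    """Observed techniques with the fewest detections + tests, lowest first."""
    ranked = sorted(overlap, key=lambda tid: (coverage.get(tid, 0), -overlap[tid], tid))
    return [(tid, overlap[tid], coverage.get(tid, 0)) for tid in ranked[:limit]]

if __name__ == "__main__":
    print(technique_overlap(LAYERS).most_common(3))
    print(coverage_gaps(technique_overlap(LAYERS), COVERAGE))
```
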