User Tools

Site Tools


wiki:start

How to defend ourselves?

We can use MITRE Att&ck framework to asses defensive capability across your security architecture.

The MITRE ATT&K® framework helps provide context to the Sunburst campaign. The following represent known tactics and techniques:

  • Query Registry [T1012]
  • Obfuscated Files or Information [1027]
  • Obfuscated Files or Information: Steganography [T1027.003]
  • Process Discovery [T1057]
  • Indicator Removal on Host: File Deletion [T1070.004]
  • Application Layer Protocol: Web Protocols [T1071.001]
  • Application Layer Protocol: DNS [T1071.004]
  • File and Directory Discovery [T1083]
  • Ingress Tool Transfer [T1105]
  • Data Encoding: Standard Encoding [T1132.001]
  • Supply Chain Compromise: Compromise Software Dependencies and Development Tools [ [T1195.001]
  • Supply Chain Compromise: Compromise Software Supply Chain [T1195.002]
  • Software Discovery [T1518]
  • Software Discovery: Security Software Discovery [T1518.001]
  • Create or Modify System Process: Windows Service [T1543.003]
  • Subvert Trust Controls: Code Signing [T1553.002]
  • Dynamic Resolution: Domain Generation Algorithms [T1568.002]
  • System Services: Service Execution [T1569.002]
  • Compromise Infrastructure [T1584]

Mitigation steps

  • Implementing multi factor authentication.
  • Monitoring all services for any changes in tokens or keys and for malicious activities.
  • Re-evaluating API key integrations, SAML integrations and website configuration files.
  • Review all system and security policies.
  • Resetting user credentials.
  • Consider security auditing.

Links to get started

wiki/start.txt · Last modified: 2021/01/10 12:21 by dk