SlideShare a Scribd company logo

MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group

MITRE - ATT&CKcon
MITRE - ATT&CKcon

MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group

Technology
1 of 28
Download to read offline
AMITT: ATT&CK-based Standards for Misinformation Threat Sharing Sara “SJ” Terp and John Gray (co-chairs) Credibility Coalition Misinfosec Working Group MITRE ATT&CKcon October, 2019 1
Credibility Coalition: Who We Are Is a research community of journalists, researchers, academics, students, policy-makers, technologists and engaged non-specialists that fosters collaborative approaches to understanding the veracity, quality and credibility of online information that is fundamental to civil society.
Credibility Coalition: What We Do CredCo aims to develop common standards for information credibility by incubating activities and initiatives that bring together people and institutions from a variety of backgrounds. Currently supporting these working groups: ● MisinfoSec ● The UX of Credible Content ● Health Misinformation ● Do Indicators Translate? ● Credibility Literacy ● Responding to Memes and Images
Misinfosec Working Group: People Academics Tom Taylor (ASU) Courtney Crooks (GTRI) Renee diResta (Stanford) Chau Tong (UW Madison) Nitin Agarwal (U Arkansas Little Rock) Companies Christopher Walker (Marvelous) John Gray (Mentionmapp) SJ Terp (CogSecTech) Olya Gurevich (Marvelous) Maggie Engler (GDI) David Perlman (CogSecTech) Ed Bice (Meedan) An Xiao Mina (Meedan) Zach (Guardians) Pukhraj Singh Kat Lo Government Pablo Breuer (USSOCOM) Daniel Black (NATO) Others Connie Moon Sehat (HacksHackers) Jenny 8 Lee (HackersHackers) Scott Yates (Certified Content) Antonio White
Mission The CredCo Misinfosec Working Group (“wg-misinfosec”) aims to develop a framework for the understanding of organized communications attacks (disinformation, misinformation and network propaganda). Specifically we would like to promote a more formal and rigorous classification of: ● Types of information-based attacks; and ● Types of defense from information-based attacks
Mission continued... Among the operating assumptions of the group will that social and cognitive factors can "scale up and down" within the framework—facilitating some definitional and procedural crossover in both the construction of a framework for understanding these attacks and in their detection. In this sense scales might be formulated as: ● ACTIONS: What are the atomic "actions" in propaganda attacks? ● TACTICS: How do actions combine to form larger events, including more complex actions and "attacks"? ● STRATEGY: How do the instances of attacks and actions combine to form "campaigns".
Mission continued... The main objectives of the group will be to: ● Define major terms of art at focal points on the scale, with an emphasis on descriptive or procedural rigor; ● Outline the state-of-the-art "Blue Team" options for defense and counter-attack
WG Timeline Dec 2018 Jan 2019 WG established & mission statement Feb 2019 Wrote WWW paper Mar 2019 Created incidents list Apr 2019 Created techniques list May 2019 Red Team Workshop Jun 2019 Refined AMITT Jul 2019 AMITT repo goes live Aug 2019 BlackHat presentation Sep 2019 STIX SEPs go in Oct 2019 Populating counters list Nov 2019 Blue Team Workshop Dec 2019 Refine counters
First 6 months: ● Collected and analyzed over 63 incidents ● Developed a STIX-inspired format for incident reporting ● Created AMITT, a stage-based framework for misinformation reporting and response ● Published AMITT as an open source project on Github Current 3 months: ● Collect and analyze misinformation counters ● Convene in DC to organise counters and do blue team incident planning ● Get STIX formats adopted worldwide ● Get AMITT used by reporting and responding organizations ● Find AMITT a regular ‘home’
THE NEED The only defense against the world is a thorough knowledge of it. - John Locke 10
COMPONENTWISE UNDERSTANDING AND RESPONSE • Lingua Franca across communities • Defend/countermove against reused techniques, identify gaps in attacks • Assess defence tools & techniques • Plan for large-scale adaptive threats (hello, Machine Learning!) 11
COMBINING DIFFERENT VIEWS OF MISINFORMATION • Information security (Gordon, Grugq, Rogers) • Information operations / influence operations (Lin) • A form of conflict (Singer, Gerasimov) • [A social problem] • [News source pollution] 12
DOING IT AT SCALE • Computational power • Speed of analysis • Lack of framework • Systems theory and emergence of characteristics • Cognitive friction • Cognitive dissonance https://www.visualcapitalist.com/wp- content/uploads/2018/05/internet-minute-share2.jpg 13
CREATING MISINFOSEC COMMUNITIES ● Industry ● Academia ● Media ● Community ● Government ● Infosec 14
CONNECTING MISINFORMATION ‘LAYERS’ 15 Campaigns Incidents Narratives Artifacts
WHAT WE BUILT All warfare is based on deception. - Sun Tzu All cyberspace operations are based on influence. - Pablo Breuer 16
STAGE-BASED MODELS ARE USEFUL RECON WEAPONIZE DELIVER EXPLOIT CONTROL EXECUTE MAINTAIN Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Exfiltration Command and Control 17
WE EXTENDED THE ATT&CK FRAMEWORK 18
POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS • Campaigns • e.g. Internet Research Agency, 2016 US elections • Incidents • e.g. Columbia Chemicals • Failed attempts • e.g. Russia - France campaigns 19
HISTORICAL CATALOG: DATASHEET • Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan. • Actor: probably IRA (source: recordedfuture) • Timeframe: Sept 11 2014 (1 day) • Presumed goals: test deployment • Artefacts: text messages, images, video • Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta, • Method: 1. Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals” 2. Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley) 3. Amplify, by repeating messages on twitter via fake twitter accounts • Result: limited traction • Counters: None seen. Fake stories were debunked very quickly. 20
FEEDS INTO TECHNIQUES LIST 21
AMITT (Adversarial Misinformation and Influence Tactics and Techniques) Framework 22
AMITT PHASES AND TACTIC STAGES Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Go Physical Persistence Evaluation Measure Effectiveness
AMITT STIX Misinformation STIX Description Level Infosec STIX Report communication to other responders Communication Report Campaign Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) Strategy Campaign Incident Shorter-duration attacks, often part of a campaign Strategy Intrusion Set Course of Action Response Strategy Course of Action Identity Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. Strategy Identity Threat actor Incident creator Strategy Threat Actor Attack pattern Technique used in incident (see framework for examples) TTP Attack pattern Narrative Malicious narrative (story, meme) TTP Malware Tool bot software, APIs, marketing tools TTP Tool Observed Data artefacts like messages, user accounts, etc Artefact Observed Data Indicator posting rates, follow rates etc Artefact Indicator Vulnerability Cognitive biases, community structural weakness etc Vulnerability Vulnerability
STIX GRAPHS (STIG) 25
INTELLIGENCE SHARING AND COORDINATION BODIES 26
Moving forward ● Focus on Blue Team research and exercises which thorough explore the space of potential inoculations and counter-attacks. ● Propose AMITT as the basis of new misinformation response centers, including ISAOs (Information Sharing and Analysis Organizations) and ISACs (Information Sharing and Analysis Centers) ● Test AMITT against new incidents - both historical incidents that we haven’t included in it, and new incidents as they emerge. Part of this work is to find existing response populations who could use the framework and determine the training and adaptations they need to be able to use it themselves. This will make the framework more useful both to them and to future potential users
AMITT UPDATES AT http://misinfosec.org

Recommended

Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)SaraJayneTerp
 
ATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSMITRE ATT&CK
 
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Vaticle
 
Projects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterProjects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterMITRE ATT&CK
 

Recommended

Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)SaraJayneTerp
 
ATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSMITRE ATT&CK
 
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Vaticle
 
Projects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterProjects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterMITRE ATT&CK
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicSarah Chandley
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKMITRE ATT&CK
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...MITRE ATT&CK
 
CSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfCSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfSaraJayneTerp
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceMITRE ATT&CK
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE - ATT&CKcon
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...MITRE ATT&CK
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamMITRE ATT&CK
 
ATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsMITRE ATT&CK
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudMITRE ATT&CK
 
WG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfWG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfSaraJayneTerp
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copySara-Jayne Terp
 

More Related Content

What's hot

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicSarah Chandley
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKMITRE ATT&CK
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...MITRE ATT&CK
 
CSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfCSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfSaraJayneTerp
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceMITRE ATT&CK
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE - ATT&CKcon
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...MITRE ATT&CK
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamMITRE ATT&CK
 
ATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsMITRE ATT&CK
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudMITRE ATT&CK
 

What's hot (20)

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting Infographic
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
 
CSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfCSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdf
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open Source
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have Changed
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence Workshop
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
 
ATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsATT&CK Updates- Campaigns
ATT&CK Updates- Campaigns
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The Cloud
 

Similar to MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group

WG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfWG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfSaraJayneTerp
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copySara-Jayne Terp
 
2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_secSara-Jayne Terp
 
2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_masterbodaceacat
 
disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...Sara-Jayne Terp
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umarylandSara-Jayne Terp
 
2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeleySara-Jayne Terp
 
MASINT and Global War on Terror
MASINT and Global War on TerrorMASINT and Global War on Terror
MASINT and Global War on TerrorTpeisi Nesby
 
Cybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewCybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewEnow Eyong
 
Strategic perspectives 3
Strategic perspectives 3Strategic perspectives 3
Strategic perspectives 3archiejones4
 
Threat Sharing for Human Rights
Threat Sharing for Human RightsThreat Sharing for Human Rights
Threat Sharing for Human RightsMegan DeBlois
 
The Ohio State Cyber Security Response.docx
The Ohio State Cyber Security Response.docxThe Ohio State Cyber Security Response.docx
The Ohio State Cyber Security Response.docxwrite5
 
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...Willy Marroquin (WillyDevNET)
 
Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...
Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...
Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...UN Global Pulse
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityDominic Karunesudas
 
How does fakenews spread understanding pathways of disinformation spread thro...
How does fakenews spread understanding pathways of disinformation spread thro...How does fakenews spread understanding pathways of disinformation spread thro...
How does fakenews spread understanding pathways of disinformation spread thro...Araz Taeihagh
 
Assistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docxAssistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docxcockekeshia
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
 

Similar to MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group (20)

WG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfWG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdf
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy
 
2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec
 
2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master
 
disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
 
2020 09-01 disclosure
2020 09-01 disclosure2020 09-01 disclosure
2020 09-01 disclosure
 
2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley
 
MASINT and Global War on Terror
MASINT and Global War on TerrorMASINT and Global War on Terror
MASINT and Global War on Terror
 
Cybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewCybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature Review
 
Strategic perspectives 3
Strategic perspectives 3Strategic perspectives 3
Strategic perspectives 3
 
Threat Sharing for Human Rights
Threat Sharing for Human RightsThreat Sharing for Human Rights
Threat Sharing for Human Rights
 
The Ohio State Cyber Security Response.docx
The Ohio State Cyber Security Response.docxThe Ohio State Cyber Security Response.docx
The Ohio State Cyber Security Response.docx
 
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
 
Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...
Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...
Using Data and New Technology for Peacemaking, Preventive Diplomacy, and Peac...
 
COMMON GOOD DIGITAL FRAMEWORK
COMMON GOOD DIGITAL FRAMEWORKCOMMON GOOD DIGITAL FRAMEWORK
COMMON GOOD DIGITAL FRAMEWORK
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber Security
 
How does fakenews spread understanding pathways of disinformation spread thro...
How does fakenews spread understanding pathways of disinformation spread thro...How does fakenews spread understanding pathways of disinformation spread thro...
How does fakenews spread understanding pathways of disinformation spread thro...
 
Assistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docxAssistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docx
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
 

More from MITRE - ATT&CKcon

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesMITRE - ATT&CKcon
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE - ATT&CKcon
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsMITRE - ATT&CKcon
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
What's New with ATTACK for ICS?
What's New with ATTACK for ICS?What's New with ATTACK for ICS?
What's New with ATTACK for ICS?MITRE - ATT&CKcon
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?MITRE - ATT&CKcon
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesMITRE - ATT&CKcon
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
 
What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?MITRE - ATT&CKcon
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-TechniquesMITRE - ATT&CKcon
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE - ATT&CKcon
 

More from MITRE - ATT&CKcon (20)

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - January
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
 
What's New with ATTACK for ICS?
What's New with ATTACK for ICS?What's New with ATTACK for ICS?
What's New with ATTACK for ICS?
 
Putting the PRE into ATTACK
Putting the PRE into ATTACKPutting the PRE into ATTACK
Putting the PRE into ATTACK
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the Matrices
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis Question
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
 
What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-Techniques
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - December
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - November
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - October
 

Recently uploaded

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group

  • 1. AMITT: ATT&CK-based Standards for Misinformation Threat Sharing Sara “SJ” Terp and John Gray (co-chairs) Credibility Coalition Misinfosec Working Group MITRE ATT&CKcon October, 2019 1
  • 2. Credibility Coalition: Who We Are Is a research community of journalists, researchers, academics, students, policy-makers, technologists and engaged non-specialists that fosters collaborative approaches to understanding the veracity, quality and credibility of online information that is fundamental to civil society.
  • 3. Credibility Coalition: What We Do CredCo aims to develop common standards for information credibility by incubating activities and initiatives that bring together people and institutions from a variety of backgrounds. Currently supporting these working groups: ● MisinfoSec ● The UX of Credible Content ● Health Misinformation ● Do Indicators Translate? ● Credibility Literacy ● Responding to Memes and Images
  • 4. Misinfosec Working Group: People Academics Tom Taylor (ASU) Courtney Crooks (GTRI) Renee diResta (Stanford) Chau Tong (UW Madison) Nitin Agarwal (U Arkansas Little Rock) Companies Christopher Walker (Marvelous) John Gray (Mentionmapp) SJ Terp (CogSecTech) Olya Gurevich (Marvelous) Maggie Engler (GDI) David Perlman (CogSecTech) Ed Bice (Meedan) An Xiao Mina (Meedan) Zach (Guardians) Pukhraj Singh Kat Lo Government Pablo Breuer (USSOCOM) Daniel Black (NATO) Others Connie Moon Sehat (HacksHackers) Jenny 8 Lee (HackersHackers) Scott Yates (Certified Content) Antonio White
  • 5. Mission The CredCo Misinfosec Working Group (“wg-misinfosec”) aims to develop a framework for the understanding of organized communications attacks (disinformation, misinformation and network propaganda). Specifically we would like to promote a more formal and rigorous classification of: ● Types of information-based attacks; and ● Types of defense from information-based attacks
  • 6. Mission continued... Among the operating assumptions of the group will that social and cognitive factors can "scale up and down" within the framework—facilitating some definitional and procedural crossover in both the construction of a framework for understanding these attacks and in their detection. In this sense scales might be formulated as: ● ACTIONS: What are the atomic "actions" in propaganda attacks? ● TACTICS: How do actions combine to form larger events, including more complex actions and "attacks"? ● STRATEGY: How do the instances of attacks and actions combine to form "campaigns".
  • 7. Mission continued... The main objectives of the group will be to: ● Define major terms of art at focal points on the scale, with an emphasis on descriptive or procedural rigor; ● Outline the state-of-the-art "Blue Team" options for defense and counter-attack
  • 8. WG Timeline Dec 2018 Jan 2019 WG established & mission statement Feb 2019 Wrote WWW paper Mar 2019 Created incidents list Apr 2019 Created techniques list May 2019 Red Team Workshop Jun 2019 Refined AMITT Jul 2019 AMITT repo goes live Aug 2019 BlackHat presentation Sep 2019 STIX SEPs go in Oct 2019 Populating counters list Nov 2019 Blue Team Workshop Dec 2019 Refine counters
  • 9. First 6 months: ● Collected and analyzed over 63 incidents ● Developed a STIX-inspired format for incident reporting ● Created AMITT, a stage-based framework for misinformation reporting and response ● Published AMITT as an open source project on Github Current 3 months: ● Collect and analyze misinformation counters ● Convene in DC to organise counters and do blue team incident planning ● Get STIX formats adopted worldwide ● Get AMITT used by reporting and responding organizations ● Find AMITT a regular ‘home’
  • 10. THE NEED The only defense against the world is a thorough knowledge of it. - John Locke 10
  • 11. COMPONENTWISE UNDERSTANDING AND RESPONSE • Lingua Franca across communities • Defend/countermove against reused techniques, identify gaps in attacks • Assess defence tools & techniques • Plan for large-scale adaptive threats (hello, Machine Learning!) 11
  • 12. COMBINING DIFFERENT VIEWS OF MISINFORMATION • Information security (Gordon, Grugq, Rogers) • Information operations / influence operations (Lin) • A form of conflict (Singer, Gerasimov) • [A social problem] • [News source pollution] 12
  • 13. DOING IT AT SCALE • Computational power • Speed of analysis • Lack of framework • Systems theory and emergence of characteristics • Cognitive friction • Cognitive dissonance https://www.visualcapitalist.com/wp- content/uploads/2018/05/internet-minute-share2.jpg 13
  • 14. CREATING MISINFOSEC COMMUNITIES ● Industry ● Academia ● Media ● Community ● Government ● Infosec 14
  • 16. WHAT WE BUILT All warfare is based on deception. - Sun Tzu All cyberspace operations are based on influence. - Pablo Breuer 16
  • 17. STAGE-BASED MODELS ARE USEFUL RECON WEAPONIZE DELIVER EXPLOIT CONTROL EXECUTE MAINTAIN Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Exfiltration Command and Control 17
  • 18. WE EXTENDED THE ATT&CK FRAMEWORK 18
  • 19. POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS • Campaigns • e.g. Internet Research Agency, 2016 US elections • Incidents • e.g. Columbia Chemicals • Failed attempts • e.g. Russia - France campaigns 19
  • 20. HISTORICAL CATALOG: DATASHEET • Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan. • Actor: probably IRA (source: recordedfuture) • Timeframe: Sept 11 2014 (1 day) • Presumed goals: test deployment • Artefacts: text messages, images, video • Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta, • Method: 1. Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals” 2. Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley) 3. Amplify, by repeating messages on twitter via fake twitter accounts • Result: limited traction • Counters: None seen. Fake stories were debunked very quickly. 20
  • 22. AMITT (Adversarial Misinformation and Influence Tactics and Techniques) Framework 22
  • 23. AMITT PHASES AND TACTIC STAGES Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Go Physical Persistence Evaluation Measure Effectiveness
  • 24. AMITT STIX Misinformation STIX Description Level Infosec STIX Report communication to other responders Communication Report Campaign Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) Strategy Campaign Incident Shorter-duration attacks, often part of a campaign Strategy Intrusion Set Course of Action Response Strategy Course of Action Identity Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. Strategy Identity Threat actor Incident creator Strategy Threat Actor Attack pattern Technique used in incident (see framework for examples) TTP Attack pattern Narrative Malicious narrative (story, meme) TTP Malware Tool bot software, APIs, marketing tools TTP Tool Observed Data artefacts like messages, user accounts, etc Artefact Observed Data Indicator posting rates, follow rates etc Artefact Indicator Vulnerability Cognitive biases, community structural weakness etc Vulnerability Vulnerability
  • 26. INTELLIGENCE SHARING AND COORDINATION BODIES 26
  • 27. Moving forward ● Focus on Blue Team research and exercises which thorough explore the space of potential inoculations and counter-attacks. ● Propose AMITT as the basis of new misinformation response centers, including ISAOs (Information Sharing and Analysis Organizations) and ISACs (Information Sharing and Analysis Centers) ● Test AMITT against new incidents - both historical incidents that we haven’t included in it, and new incidents as they emerge. Part of this work is to find existing response populations who could use the framework and determine the training and adaptations they need to be able to use it themselves. This will make the framework more useful both to them and to future potential users
  • 28. AMITT UPDATES AT http://misinfosec.org