Connect with us
728x90 banner available here

Latest News

PRE-ATT&CK Techniques: The Key to Preventing Cyber Attacks

Published

6 years ago

on

PRE-ATT&CK Techniques: The Key to Preventing Cyber AttacksReading Time: 4 minutes

 

Cyber attackers are now targeting any kind of information that can reward them: from personal data to corporate information to government secrets. However, behind each attack, there is a long chain of thoroughly selected actions.

While most organizations focus their attention on protecting the perimeter of their corporate network, the cybersecurity experts from MITRE advise expanding their ability to understand the behavior of adversaries.

Hackers select their victims long before their attack and carefully collect information about them before executing any malicious actions. Nowadays, the internet provides them with a great variety of data about almost any company, so adversaries can learn enough not only about a company’s activity but also about its cybersecurity weak spots.

To help security officers understand how hackers choose their victims and prevent an attack before it even begins, MITRE, a non-profit corporation that tackles cybersecurity problems, has created the PRE-ATT&CK matrix that is a part of the Adversarial Tactics, Techniques, and Common Knowledge, also known as the ATT&CK framework.

 

What is the PRE-ATT&CK matrix?

PRE-ATT&CK allows security officers to prevent a possible attack before an adversary penetrates into their network. The PRE-ATT&CK matrix contains 15 tactics and more than 150 techniques that explain the adversary planning, information gathering, reconnaissance, and setup when preparing their attack.

The tactics in PRE-ATT&CK explain the typical adversarial techniques and procedures for selecting a victim, obtaining information about it, and launching the cyber attack. This information provides security officers with a broader understanding of adversary behavior before any indicators of compromise appear.

 

PRE-ATT&CK allows security officers to find answers on the following questions:

  •        Are there any signs that cyber attackers are targeting your organization?
  •        What adversary techniques may an attacker apply to your company?
  •        How can you analyze the collected data to notice a hacker’s interest into your organisation?

 

Analyzing the PRE-ATT&CK techniques and tactics, defenders can get a better understanding of cyber attacker activities. They can use this knowledge to make appropriate decisions on what technical measures and mitigations to adopt in order to reduce hacker’s chances on properly preparing an attack on their organization.

 

How to use the PRE-ATT&CK matrix

The PRE-ATT&CK matrix provides detailed information about how adversaries prepare for arranging a cyber attack. The PRE-ATT&CK tactics explain what goals an aversary sets for themselves, while each technique shows how these goals can be achieved. The tactics in PRE ATT&CK reflect such attacker goals:

  •        Priority definition
  •        Victim selection
  •        Gathering information about a victim
  •        Victim weakness identification
  •        Persona development
  •        Capabilities setup

The PRE-ATT&CK techniques show how adversaries perform each tactic and allow enterprise defenders to track and organize attack statistics and patterns.

Priority definition

Using this tactic, an adversary weighs all the pros and cons of arranging an attack. They set their goals by considering how the information they are getting can benefit them and what kind of information has the biggest value for them. At this stage, cyber criminals compare the cost of cyber intrusions with the expected reward from their activity.

Victim selection

Taking into account their priorities, adversaries begin to look for their victims. They take their strategic considerations and then narrow them down tactically and operationally until a victim is selected. Depending on their target, adversaries can decide to attack it directly or through business partners. However, for making the right decision, hackers usually need to collect all possible information about their target.

Gathering information about the victim

After adversaries select their victim, they can’t blindly execute an attack. They first need to gather all information about their target: the type of technical system the victim uses, the personnel that works for the victim, and the victim organization itself.

Attackers usually collect information about their victims by using open-source intelligence tools and techniques. Such data about a victim as organization’s domains, email address format, names of top personnel can be freely found online by combining phishing and social engineering techniques.

While organizations can’t minimize their presence on the internet nowadays, security officers can consider how the public data of their company may be abused and define vectors of possible attacks.

 

Identifying victim weaknesses

By analyzing all the data collected at the previous stage, adversaries can find potential weaknesses of their victim. The discovered vulnerabilities become the basis of creating a plan of the attack. Weakness identification also allows adversaries to test and configure their own systems for attack execution.

At this stage, defenders can consider the Pyramid of Pain that will help them define the importance of indicators of compromise.

 

Persona development

Though the internet is a place where you can find everyone, it’s also a place where anyone can create a fake persona. A hacker can develop their persona by providing a fake email address and personal information to one of the social media sites. Getting in contact with a potential victim, an adversary can gain greater access to the victim’s personal profile with an intention to abuse this data later.

Unfortunately, most social media don’t inform their users whether someone viewed their profile. However, organizations can establish tight privacy control for their corporate accounts in social media by establishing trusted connections, blocking suspicious content, and educating their employees.

 

Capabilities setup

After getting in contact with potential victims, an adversary will establish capabilities for arranging an attack. Though some cyberc riminals may be really technology-savvy, most of them look for the easiest way to maintain their own internet infrastructure.

There are plenty of cost-effective ways to anonymously use servers, autonomous systems, and networks. Adversaries often abuse this anonymity for achieving their malicious goals. Paying just several dollars per month, they can get a virtual presence enough for compromising your organization.

Even if your logs detected adversarial activity from a specific server, it would be very difficult to legally pursue that source because of the lack of evidence. Though it may seem nearly impossible to detect an adversary at this stage of the cyber attack, security teams should pay attention to behavioral patterns that indicate hacker’s activity.

While PRE-ATT&CK describes only the adversarial behavior before an attack, MITRE has recently integrated some PRE-ATT&CK techniques into ATT&CK to let security teams define the potential vectors of attacks on their organizations and improve their security measures accordingly.

Enterprises that integrate PRE-ATT&CK into their security best practices can significantly enhance their protection measures and prevent adversaries long before they actually begin their malicious campaigns.

 

Conclusion

It’s not a secret that cyber attacks are now more targeted than any time before. Cyber criminals carefully select their next victim and conduct a thorough investigation before penetrating into your corporate network. Using the PRE-ATT&CK matrix from MITRE, security teams can reveal the early signs of adversarial behavior and prevent an attack before hackers compromise your organization.  

 

This article is a contribution from Marcell Gogan.  Marcell is a specialist within digital security solutions, business design and development, virtualization and cloud computing, R&D projects, establishment and management of software research direction – working with Ekran System. He also loves writing about data management and cybersecurity. 


Source: Latest News on European Gaming Media Network
This is a Syndicated News piece. Photo credits or photo sources can be found on the source article: PRE-ATT&CK Techniques: The Key to Preventing Cyber Attacks

Related Topics:

George Miller (Gyorgy Molnar) started his career in content marketing and has started working as an Editor/Content Manager for our company in 2016. George has acquired many experiences when it comes to interviews and newsworthy content becoming Head of Content in 2017. He is responsible for the news being shared on multiple websites that are part of the European Gaming Media Network.

Continue Reading
Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Latest News

Kaizen Foundation and UEFA Foundation for Children send strong message on inclusion through continued partnership

Published

1 day ago

on

April 25, 2025

By

Reading Time: 3 minutes

 

The Kaizen Foundation participates in UEFA Foundation for Children’s 10th Anniversary celebration, supporting amputee football and raising awareness about inclusion through sport. The partnership will expand into the summer through the “Legacy for the Future” project.

Kaizen Foundation, the Social Purpose Foundation funded exclusively by Kaizen Gaming, is announcing its participation in the 10th Anniversary celebrations of the UEFA Foundation for Children. During the celebrations, the Kaizen Foundation will be sponsoring a showcase match of two amputee teams with players from Greece, England and Poland at the Colovray Stadium in Nyon on April 28th at 15:30-16:45 CEST. This will be followed by a dedicated cup ceremony.

The focus of the celebrations – held in collaboration with the UEFA Foundation’s partners Football Is More and the European Amputee Football Federation – is inclusion in sports. The amputee football match offers a unique opportunity to witness the incredible spirit and talent of amputee athletes as they compete for the trophy. Highlighting the importance of inclusion in football, the game is guaranteed to captivate the audience and showcase football’s unifying power.

In addition, the Kaizen Foundation will be supporting a Conference on Inclusion to discuss football’s role in social responsibility and inclusion. Happening at the Chateau de Bossey, scheduled to take place earlier on the same day at 11.00 – 12.30 CEST, the conference will feature high-profile guests, including Prof. Dr. Jürgen Buschmann from the German Sports University of Cologne.

Kaizen Foundation and UEFA Foundation for Children expand their partnership into the “Legacy for the Future” project

Excitingly, the Kaizen Foundation is also announcing the expansion of its successful partnership with the UEFA Foundation for Children by supporting the “Legacy for the Future” project, aiming to leave a lasting legacy which fosters the empowerment of girls and women in countries from the UEFA participating national associations.

Within the framework of this partnership, Kaizen Foundation shall support initiatives undertaken by Τhe UEFA Foundation for Children across Portugal, Belgium, Germany and Denmark. The initiatives aim to empower girls and women to dismantle barriers in football and beyond, namely in education, legal rights and access to sport. Said initiatives will be associated with the respective women’s national teams, in order to enhance visibility and promote collective social responsibility.

This builds on the Kaizen Foundation’s inaugural partnership with the UEFA Foundation for Children to  support the “10,000 Smiles” project, which provided 10,000 UEFA EURO 2024™ match tickets to associations working with vulnerable children. As part of the expansion of this partnership, Kaizen Foundation shall donate €300,000 to further aid the UEFA Foundation for Children’s aims and ambitions.

“It’s a great honour to be part of the UEFA Foundation for Children’s 10th Anniversary celebrations,” said Panos Konstantopoulos, President of the Kaizen Foundation. “By championing inclusion through the amputee match, we hope to inspire clubs and communities across Europe and the globe to take meaningful steps toward breaking down barriers. The UEFA Foundation for Children does extraordinary work, and we are thrilled to expand our partnership into the Legacy for the Future project, supporting local charities with the mission to dismantle barriers for girls in and out of sports. Our joint initiatives are a powerful reminder that nothing should stand in the way of what people can achieve, regardless of who they are or where they come from.”

“Football has an extraordinary power to bring everybody together. Partnering with organisations like the Kaizen Foundation is key to building a movement that drives real impact and leaves a lasting legacy,” said Carine N’koué, General Secretary of UEFA Foundation for Children. “Not only are we celebrating our 10th Anniversary together, but by deepening our collaboration with the Legacy for the Future project, we can continue to build on our mission to use the power of football to unite and bring joy to millions of disadvantaged children around the world.”

 

The post Kaizen Foundation and UEFA Foundation for Children send strong message on inclusion through continued partnership appeared first on European Gaming Industry News.

Continue Reading

Latest News

Fanatics Sportsbook Is the Fastest Growing Sportsbook in America – and Is Expanding Its FanCash and Fair Play Initiatives

Published

1 day ago

on

April 25, 2025

By

Reading Time: 2 minutes

 

Awarded $750k in FanCash last Week and Extended Fair Play Protection to First Half for NBA Playoffs

 Since its inception, Fanatics Sportsbook has been able to set itself apart from the competition with customer-first initiatives like FanCash Drops and Fair Play. Fanatics Sportsbook has expanded those efforts with the launch of the brand-new FanCash Drop game and an exclusive extension of the Fair Play policy from the first quarter to the first half for all games throughout the NBA Playoffs.

Fanatics Sportsbook, now the fastest growing sportsbook in America*, recently debuted FanCash Drop, a new game giving customers the chance to win up to $10k in FanCash.** Last week, Fanatics Sportsbook awarded more than $750k in FanCash as part of the new FanCash Drop game. With 75% of sportsbook customers using FanCash and up to 10% of FanCash being redeemed each month on Fanatics.com and the Fanatics app, FanCash has become a major reason for customers to choose Fanatics Sportsbook. FanCash Drop will be available to sportsbook customers every Friday, and prizing will vary each week.

Fanatics Sportsbook customers have enjoyed more than $6 million in winning payouts thanks to Fair Play since the start of the football season. Every year during the NBA playoffs, the game’s brightest stars rise to meet the moment, so it’s only fitting that Fanatics Sportsbook does the same, with an exclusive Fair Play protection extension from the first quarter to the first half for the entire NBA Playoffs. Fair Play will kick in whether it’s a straight, parlay or Same Game Parlay (SGP). In addition, Fanatics Sportsbook will introduce the Fair Play Hub in the app, where customers can track live player news and Fair Play payouts.

Customers can download the Fanatics Sportsbook app on iOS and Android and for up to date news and information on Fair Play follow the Fanatics Sportsbook social channels on X @FanaticsBook and on Instagram @FanaticsSportsbook.

 

The post Fanatics Sportsbook Is the Fastest Growing Sportsbook in America – and Is Expanding Its FanCash and Fair Play Initiatives appeared first on European Gaming Industry News.

Continue Reading

Latest News

Vixio’s Chief Analyst James Kilsby Honored As Silver Stevie® Award Winner In 2025 American Business Awards®

Published

1 day ago

on

April 25, 2025

By

Reading Time: 2 minutes

 

Vixio, a leading provider of regulatory intelligence solutions, is proud to announce that James Kilsby, Chief Analyst, has been named the winner of a Silver Stevie® Award in the Thought Leader of the Year – Business category in the 23rd Annual American Business Awards®. The American Business Awards are the United States’ premier business awards program.

Kilsby was honored for his impactful leadership in providing intelligence on regulatory and compliance trends affecting the global gambling industry, particularly in emerging markets like Brazil. In an industry where compliance monitoring is cumbersome, his analysis, forecasts, and deep expertise help take the complexity out of compliance. His work in 2024 included in-depth analysis of the new regulated Brazilian gambling market and the launch of Vixio’s Technical Compliance Tool.

Roseanne Spagnuolo, Chief Research & Data Officer, Vixio, said: “James’ contributions to the gambling industry and to Vixio are significant. Some of the world’s biggest brands trust Vixio to monitor regulatory developments affecting their licences and identify new market and product opportunities. James’ expertise, especially in emerging markets in the Americas such as Brazil, is a significant contributor to those efforts.”

“I’m deeply honored to receive this recognition from the American Business Awards,” said James Kilsby, Chief Analyst, Vixio. “This award is a reflection of the trust our clients place in us and the incredible team at Vixio that brings clarity to such a complex and fast-moving global industry. As jurisdictions like Brazil evolve, our mission remains the same: to empower organizations with the intelligence they need to navigate compliance challenges confidently and responsibly.”

Stevie® judges praised Kilsby’s clear and actionable insights in an often opaque industry. One judge said: “James Kilsby has demonstrated exceptional thought leadership in the gambling compliance sector. His deep expertise in gambling regulations, particularly in emerging markets like Brazil, has positioned him as a key industry voice. His contributions include high-impact research, frequent media appearances, and direct influence on product innovation, notably with Vixio’s Technical Compliance Tool.”

Another judge added: “The gambling industry is often an opaque field where it is hard to understand what is and what is not allowed. James’s ability to provide clarity in this area and use that to support compliance and responsible gambling are commendable.”

More than 3,600 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories.

“Organizations across the United States continue to demonstrate resilience and innovation,” said Stevie Awards president Maggie Miller. “The 2025 Stevie winners have helped drive that success through their innovation, persistence, and hard work. We congratulate all of the winners in the 2025 ABAs and look forward to celebrating their achievements during our June 10 gala event in New York.”

Nicknamed the Stevies for the Greek word meaning “crowned,” the awards will be presented to winners at a gala ceremony at the Marriott Marquis Hotel in New York on Tuesday, June 10.

Details about The American Business Awards and the list of 2025 Stevie winners are available at StevieAwards.com/ABA.

To learn more about simplifying compliance management with Vixio’s award-winning regulatory intelligence solutions, visit vixio.com.

 

The post Vixio’s Chief Analyst James Kilsby Honored As Silver Stevie® Award Winner In 2025 American Business Awards® appeared first on European Gaming Industry News.

Continue Reading

Trending

EEGaming.org is part of HIPTHER, parent brand of various prominent news outlets and international conferences. These platforms and events span a wide range of industries, including Entertainment, Technology, Gaming and Gambling, Blockchain, Artificial Intelligence, Fintech, Quantum Technology, Legal Cannabis, Health and Lifestyle, VR/AR, eSports, and several others. This indicates that EEGaming.org is part of a larger network that focuses on a diverse array of sectors, particularly those related to cutting-edge technology and modern lifestyle trends.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2025 HIPTHER. All Rights Reserved. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania

We are constantly showing banners about important news regarding events and product launches. Please turn AdBlock off in order to see these areas.