Picus Security Report: Top 10 MITRE ATT&CK Techniques Remains Popular With Threat Actors
Picus Security's May 2023 Cyber Threat Intelligence Report details the top ten most frequently observed MITRE ATT&CK techniques used by cybercriminals. The report aggregates data from various sources to identify prevalent attack paths.
The top ten MITRE ATT&CK techniques continue to be the most frequently employed methods by cyber threat actors, according to Picus Security's May 2023 Cyber Threat Intelligence Report. These techniques include phishing, command and scripting interpreter usage, and system information discovery, among others, as observed in the wild.
Phishing and its variants, such as spear-phishing, were widely utilized by threat actors including SideWinder APT, APT28, and the BianLian Ransomware Gang during May 2023. These groups targeted various sectors by mimicking domains and sending deceptive emails. A new "Phishing-as-a-Service" tool named "Greatness" was also noted, specifically targeting Microsoft 365 users.
The Command and Scripting Interpreter technique (T1059) was another prevalent method, used by advanced threat actors like Volt Typhoon APT and the Cactus Ransomware Gang. These techniques were often deployed in conjunction with other malicious payloads, such as Cobalt Strike and the IceID banking trojan.
Picus Security compiles its threat intelligence by gathering data from diverse sources, including threat intelligence feeds, malware dumps, security blogs, exploit databases, sandboxes, and network data queries. This allows for an in-depth analysis of malware samples and threat actor campaigns.
The report maps these prevalent TTPs onto the MITRE ATT&CK framework, providing organizations with insights into common attack paths to help shape more effective mitigation strategies against current cyber threats.