MITRE ATT&CK Matrix

Overview

The MITRE ATT&CK Matrix for Cloud outlines specific techniques attackers use to target cloud environments and maps these techniques to various AWS security controls. This matrix helps organizations understand how to defend against common threats by aligning AWS-native security practices with the ATT&CK framework, providing a structured approach to identifying and mitigating adversary tactics and techniques.

Key categories in the matrix include:

  1. Initial Access: Techniques like exploiting public-facing applications or using valid cloud accounts.

  2. Execution: Exploiting cloud APIs or executing serverless functions.

  3. Persistence: Creating additional cloud roles or manipulating SSH authorized keys.

  4. Privilege Escalation: Abusing cloud credentials or exploiting temporary elevated access.

  5. Defense Evasion: Disabling cloud logs or modifying authentication processes.

  6. Credential Access: Brute force attacks, credential stuffing, and harvesting credentials from metadata APIs.

  7. Discovery: Enumerating cloud infrastructure or service dashboards.

  8. Impact: Techniques like data encryption, resource hijacking, or denial of service through cloud services.

This matrix is particularly useful for threat hunters and security professionals, helping them align detection strategies and remediation efforts according to identified techniques that are most relevant to AWS environments. More detailed mapping and descriptions can be found on the official MITRE ATT&CK site.
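As an added example (not from the page or MITRE), the script below shows what aligning detection with the matrix looks like in practice: it triages a batch of CloudTrail records, tags single events such as StopLogging or CreateRole with the matrix category they indicate, and raises a Credential Access finding only when failed ConsoleLogin attempts from one source IP cross a threshold. The sample records, the account ID, the IP addresses and the threshold are constructed values; the eventName strings are real CloudTrail event names and the technique IDs are the published ATT&CK identifiers.

```python
from collections import Counter

# Single-event indicators: CloudTrail eventName -> (matrix category, ATT&CK technique ID).
# The IDs are the published ATT&CK identifiers for these techniques.
INDICATORS = {
    "StopLogging":            ("Defense Evasion", "T1562.008"),  # disabling cloud logs
    "DeleteTrail":            ("Defense Evasion", "T1562.008"),
    "CreateRole":             ("Persistence", "T1098.003"),      # additional cloud roles
    "UpdateAssumeRolePolicy": ("Persistence", "T1098.003"),
    "DescribeInstances":      ("Discovery", "T1580"),            # cloud infrastructure discovery
    "ListBuckets":            ("Discovery", "T1580"),
}
FAILED_LOGIN_THRESHOLD = 3  # assumed value; tune to the environment's baseline

def triage(events):
    """Return (category, technique_id, detail) findings for a batch of CloudTrail records."""
    findings = []
    failed_logins = Counter()
    for ev in events:
        name = ev.get("eventName")
        actor = ev.get("userIdentity", {}).get("arn", "unknown")
        if name in INDICATORS:
            category, tid = INDICATORS[name]
            findings.append((category, tid, f"{actor} called {name}"))
        # Credential Access: repeated failed console logins from one source IP
        # (brute force or credential stuffing) only becomes a finding past a threshold.
        if name == "ConsoleLogin" and ev.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            failed_logins[ev.get("sourceIPAddress", "unknown")] += 1
    for ip, n in failed_logins.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(("Credential Access", "T1110", f"{n} failed ConsoleLogin attempts from {ip}"))
    return findings

def make_event(name, arn="arn:aws:iam::123456789012:user/alice", ip="203.0.113.7", **extra):
    """Build a constructed, abbreviated CloudTrail record for the demo."""
    return {"eventName": name, "userIdentity": {"arn": arn}, "sourceIPAddress": ip, **extra}

# Constructed sample batch: three failed console logins, then a log-disable, a new role, and enumeration.
SAMPLE_EVENTS = [
    *[make_event("ConsoleLogin", responseElements={"ConsoleLogin": "Failure"}) for _ in range(3)],
    make_event("ConsoleLogin", responseElements={"ConsoleLogin": "Success"}),
    make_event("StopLogging"),
    make_event("CreateRole"),
    make_event("ListBuckets"),
    make_event("DescribeInstances", ip="198.51.100.2"),
]

if __name__ == "__main__":
    for category, tid, detail in triage(SAMPLE_EVENTS):
        print(f"[{category}] {tid}: {detail}")
```

On the constructed batch this yields one Defense Evasion, one Persistence, two Discovery and one Credential Access finding; the successful login and the lone failures below the threshold produce none.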
