- CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping
- LastPass Breach
_______________________________
CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping
Situation:
CISA released Decider, a tool for mapping adversary behavior to the MITRE ATT&CK® framework. A companion to the recently updated Best Practices for MITRE ATT&CK® Mapping guide, Decider helps network defenders, analysts, and researchers quickly and accurately map adversary tactics, techniques, and procedures (TTPs) to the ATT&CK knowledge base.
Problem:
MITRE ATT&CK has 14 tactics, 193 techniques, and 401 sub-techniques, so understanding and analyzing it is hard. Also, when using the MITRE ATT&CK map, users can miss some important details.
Implication:
Without Decider, users have a hard time quickly and accurately understanding and analyzing adversary activities.
Need:
Network defenders, analysts, and researchers can see CISA’s video, fact sheet, and blog to get started with Decider.
We encourage the community to use the tool in conjunction with the recently updated Best Practices for MITRE ATT&CK® Mapping guide.
Additional Resources:
CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping:
https://www.cisa.gov/news-events/alerts/2023/03/01/cisa-releases-decider-tool-help-mitre-attck-mapping
Decider, A Tool for Network Defenders, Analysts, and Researchers Working With MITRE ATT&CK®:
https://www.cisa.gov/sites/default/files/2023-03/decider_fact_sheet_508c.pdf
Helping Cyber Defenders “Decide” to Use MITRE ATT&CK:
https://www.cisa.gov/news-events/news/helping-cyber-defenders-decide-use-mitre-attck
MITRE ATT&CK®:
https://attack.mitre.org/
________________________________
LastPass Breach
Situation:
LastPass has revealed that an attacker, by targeting a senior engineer’s home computer, stole a master password and used it to access highly restricted corporate databases and information.
Problem:
A threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.
Implication:
The attacker can get a copy of customer vault backup data from the encrypted storage container.
The attacker can exfiltrate and encrypt the backed-up files via the DevOps engineer’s credentials.
Need:
We recommend that all LastPass users change their master passwords and all passwords stored in their vaults.
Additional Resources:
LastPass says employee’s home computer was hacked and corporate vault taken: