Cybersecurity Threats in the Cloud: A Growing Concern
The Threat Landscape
In 2025, an international fintech firm will face attacks through its hybrid cloud infrastructure by some of the most sophisticated cyber operators on the Internet, targeting the company’s Active Directory instance, employees’ LinkedIn profiles, and shared code repositories to further their compromises.
A Real-World Scenario
This scenario is the premise of the latest MITRE ATT&CK Evaluations test, an annual assessment gauntlet that pits cybersecurity firms against the techniques and tactics of the latest cyber threat actors. For vendors, the exercises — conducted by government contractor MITRE — allow them to test their detection, protection, and response capabilities in real-world scenarios to see what can be improved. For cybersecurity professionals, the results of the assessments can help them determine whether they are prepared to defend against sophisticated attacks.
Improving Detection and Response
The vendor tools tested in the ATT&CK Evaluations can reveal detection gaps and point to where detection capabilities need improvement. When a tool fails to detect a particular emulated technique, the vendor and the wider community can work together to close that gap. As Young explains, "If we’re emulating this adversary and we find this technique that your tool can’t detect, can we help you improve your tool so that you can now detect that technique? That’s something that I think also the customers or the community should look at."
Creating Playbooks for Defense
Defenders can take a page from the ATT&CK evaluations by creating playbooks to detect and protect against the tested threats. During the ATT&CK Evaluation, MITRE logs activity and takes screenshots, giving organizations a detailed picture of the attack unfolding and mapping the steps against the ATT&CK Framework. This information can be invaluable in designing defenses against sophisticated attacks.
The Value of the ATT&CK Framework
Knowing that adversaries are now using a particular kind of technique — say, a specific form of lateral movement, or going after a particular kind of resource — is exceptionally helpful for [a company] designing its defenses. As Young says, "I almost think there’s more value in looking at the [ATT&CK] framework than the evaluations, but it depends on your purpose." The ATT&CK Framework provides a comprehensive guide for understanding and defending against cyber threats, making it an essential tool for cybersecurity professionals.