{"id":2226,"date":"2023-05-30T16:01:34","date_gmt":"2023-05-30T14:01:34","guid":{"rendered":"https:\/\/www.spacesecurity.info\/attck-v13-released-with-significant-updates-pseudocode-swifter-search-mobile-data-sources-and-ics-asset-refactoring\/"},"modified":"2023-11-03T09:45:15","modified_gmt":"2023-11-03T08:45:15","slug":"attck-v13-released-with-significant-updates-pseudocode-swifter-search-mobile-data-sources-and-ics-asset-refactoring","status":"publish","type":"post","link":"https:\/\/www.spacesecurity.info\/en\/attck-v13-released-with-significant-updates-pseudocode-swifter-search-mobile-data-sources-and-ics-asset-refactoring\/","title":{"rendered":"ATT&CK v13 released with significant updates : Pseudocode, Swifter Search, Mobile Data Sources and ICS asset refactoring, …"},"content":{"rendered":"

\"\"<\/a><\/p>\n

\ud83d\udd25 On Tuesday 25 April 2023, the MITRE Corporation released ATT&CK v13, the new version of its framework.<\/p>\n

This new version includes significant updates and affects all matrices: Enterprise, Mobile and ICS.<\/p>\n

In this article, we summarize the biggest changes\u00a0: and will go through more details.<\/p>\n

\u2714\ufe0f Addition of “Pseudocode analytics for Detection”: I understand this is the most important change in ATT&CK v13. It adds detailed recommendations to the TTPs in the Enterprise matrix to improve their detection by providing more precision and context on what to look for and collect. This new information can be consulted in the CAR (Cyber Analytics Repository) database.<\/p>\n

\u2714\ufe0f\u00a0Addition of new data sources for the Mobile matrix: Data sources represent information that can be collected from logs or probes. They also include characteristics that make it possible to identify the specific properties\/values of a data source that are relevant to the detection of a technique or sub-technique.<\/p>\n

\u2714\ufe0f\u00a0Update of the ICS matrix: overhaul of assets, addition of new techniques and refresh of campaign mapping<\/p>\n

\u2714\ufe0f\u00a0Update of APT groups and attack campaigns with the possibility of cross-domain mapping<\/p>\n

\u2714\ufe0f\u00a0Improved coverage of the Cloud: addition of new technologies and completion of execution and lateral movement techniques<\/p>\n

\u2714\ufe0f\u00a0Improved coverage of Linux: updated techniques and sub-techniques with a better understanding of attacks<\/p>\n

\u2714\ufe0f\u00a0Improvements to the web interface, mainly in the search module<\/p>\n

\u2714\ufe0f\u00a0New changelog types to help identify more precisely what has changed in ATT&CK.<\/p>\n

\u201cwe\u2019re working toward enhanced tools for lower-resourced defenders, improving ATT&CK\u2019s website usability, enhancing ICS and Mobile parity with Enterprise, and evolving overall content and structure this year\u201d<\/p><\/blockquote>\n

Amy L. Robertson<\/p>\n

\ud83e\udd29 A v14 is already announced for October with more details at ATT&CKCon 4.0 which takes place on 24-25 October 2023 :<\/p>\n