MITRE, a leading organization in the cybersecurity field, has announced the 17th update to its ATT&CK framework. This framework is used globally for modeling adversary behavior, analyzing threats, and improving cybersecurity systems. The update reflects the latest trends in cyberattacks, incorporates new platforms, clarifies adversary tactics, and provides deeper insights into defensive measures.
Key Updates in ATT&CK v17:
New Platform Support (VMware ESXi): The framework now includes techniques used against hypervisors.
Platform Renaming: The "Network" platform has been renamed to "Network Devices" for a more accurate representation of network hardware coverage.
Refined Execution Flow Hijacking Techniques: Updated and consolidated techniques within the Hijack Execution Flow section to eliminate confusion between similar attack scenarios.
Improved Mitigations: The description of countermeasures has become clearer and more practically oriented.
ATT&CK Database Object Statistics:
As a reminder, MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is an open knowledge base of hacker tactics, techniques, and procedures, based on real-world observations of cyber threats. You can review the complete list of changes in v17 by following this link.