A Review of Tactics, Techniques, and Procedures (TTPs) of MITRE Framework for Business Email Compromise (BEC) Attacks
Blog Article
The MITRE ATT&CK® framework is a globally recognized repository of adversarial Tactics, Techniques, and Procedures (TTPs) based on real-world cyber threats. It provides a model for analyzing attack behaviors and enhancing incident attribution. Business Email Compromise (BEC) frauds, a growing cyber threat, exploit email communications for financial gain. However, the MITRE framework is not widely used for BEC, as no custom matrix has been developed specifically for these attacks. This study maps the TTPs used by BEC Threat Actors (TAs) within the MITRE ATT&CK framework.
The methodology included a review of academic literature, Cyber Threat Intelligence (CTI) reports, and real-world incident response data from INCIDE Digital Data S.L. A total of 10 tactics, 34 techniques, and 46 sub-techniques were identified, with 5 new sub-techniques proposed to address gaps, particularly in mailbox manipulation and defense evasion. Additionally, the Privilege Escalation, Lateral Movement, and Credential Access tactics were merged due to overlapping techniques, while the Execution tactic was excluded as it is not central to BEC attacks. To demonstrate the utility of the framework, we characterized two real-world TAs: Cosmic Lynx, a sophisticated actor targeting multinational organizations, and Chiffon Herring, a smaller-scale attacker employing simpler methods.
These case studies highlight the framework’s adaptability for analyzing diverse TA profiles and its potential to support improved incident attribution, detection, and prevention strategies.