MITRE Att&ck Framework – The Most Common Vulnerabilities for Your Business’s Security

There are many different ways to evaluate your business security. One of the most popular is the MITRE Attack Framework (MITRE). The MITRE Framework is a risk management tool that helps organizations identify, classify, and prioritize their vulnerabilities based on how likely they are to be exploited.

The MITRE framework is a great place to start for implementing a world-class enterprise cybersecurity program. It collects the best practices of people who have been on the front lines of cybersecurity for years. The guidelines are a comprehensive, practical way to mitigate risk and protect your organization’s information assets.

You can check MITRE’s Common Weakness Enumeration (CWE) for a full list of common weaknesses and ways to mitigate them.

1) Out-of-bounds write (memory corruption)

This occurs when software writes data past the end of the intended memory buffer. It can result in corrupted data, system crashes, information disclosure, and enable an attacker to execute arbitrary code on the system.

There are several phases of mitigation to address software memory corruptions. It’s important that the coding language and the operating system provide safeguards and functionality that prevent such errors in the first place.

Environmental hardening is also important, and enterprise companies should use CPU architectures and operating systems that support Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).

2) Cross-site scripting

Cross-site scripting (XSS) vulnerabilities can occur in several scenarios. In the most common case, an attacker injects malicious script into a web application so that it runs in other users’ browsers and performs malicious actions on their systems.

XSS differs from other code injection attacks, such as SQL injection, in that it exploits page vulnerabilities to target other users rather than to steal information from the back-end database. In a typical XSS attack scenario, code embedded in the web page redirects other visitors to malicious websites. The code can be inserted through input forms with inadequate input sanitization, for example.

XSS can have a significant impact on business websites: it not only enables attackers to deface the company’s website, but also opens up avenues for malware distribution, phishing attacks, and cryptojacking, where a visitor’s CPU resources are hijacked to compute cryptocurrency-mining hashes.

It is important to implement a layered defense against XSS vulnerabilities, and the MITRE ATTACK framework lists numerous defense strategies to stop XSS attacks.
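One layer of that defense is output encoding at the point where untrusted values are written into HTML, backed by a Content-Security-Policy so that an encoding miss still cannot execute inline script. The example below is added here and is not code from the original article; the comment structure, the URL-scheme check and the header values are assumptions chosen for illustration.

```python
import html

ALLOWED_URL_SCHEMES = ("http://", "https://")  # assumption: only web links are acceptable


def render_comment(author: str, body: str, profile_url: str) -> str:
    """Escape each untrusted value for the HTML context it lands in.

    Text nodes and attribute values are both passed through html.escape with
    quote=True, so <, >, &, " and ' cannot break out of their context. The
    link target is additionally restricted to http(s), because escaping alone
    does not stop a javascript: URL from running when clicked.
    """
    safe_author = html.escape(author, quote=True)
    safe_body = html.escape(body, quote=True)
    if profile_url.startswith(ALLOWED_URL_SCHEMES):
        safe_url = html.escape(profile_url, quote=True)
    else:
        safe_url = "#"  # refuse any other scheme rather than trying to repair it
    return (
        f'<div class="comment"><a href="{safe_url}">{safe_author}</a>'
        f"<p>{safe_body}</p></div>"
    )


def security_headers() -> dict:
    """Second layer: response headers that block inline script even if some
    template forgets to escape. Policy values here are an assumed baseline."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample input containing markup, quotes and a non-web URL scheme.
SAMPLE_HTML = render_comment('<b>bob</b>', 'said "hi" & left', "javascript:alert(1)")
```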

3) Out-of-bounds read

This occurs when the software reads data past the end of the intended buffer. It can allow attackers to read sensitive data from other memory locations and can cause the system to crash or fail. An attacker may be able to obtain secret memory values and use them to bypass protection mechanisms.

Mitigation relies on an input validation strategy, such as accepting only known-good values from inputs that strictly follow a defined format or structure. Memory-safe programming languages provide memory abstractions that prevent developers from making the coding mistakes that allow out-of-bounds reads.

4) Improper input validation

When software does not properly validate inputs, it can result in sensitive data leaks and other unintended behaviour. This weakness is an umbrella over many other attack surfaces, but the root cause can often be found simply by reviewing the source code of the software.

Because there are so many different scenarios where improper input validation can be exploited by attackers, the appropriate security measures depend on your software environment, and the recommended mitigation strategies will be specific to it.

5) OS Command Injection

The improper neutralization of OS command special elements that originate from upstream systems can allow attackers to execute malicious code. For example, a program may receive command-line arguments from an external source and combine them with a shell command. Unless the external input is neutralized before execution, an attacker may be able to inject arbitrary commands that the system will execute.

This problem becomes much more severe when a system does not follow the principle of least privilege, because the attacker can then run any command they please on the system. It’s important to run critical processes in a sandbox or jail environment so that there are strict boundaries between the process and the OS execution environment.
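The two mitigations described in sections 4 and 5 (accept only known-good input, and never let external input reach a shell) fit together as below. This is an added example, not code from the original article; the hostname grammar, the ping tool and the function names are assumptions made for illustration.

```python
import re
import subprocess

# Allowlist for the single input this tool accepts: a DNS hostname.
# Assumed pattern for this example: labels of letters, digits and hyphens,
# no leading/trailing hyphen, total length at most 253 characters.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_valid_hostname(value: str) -> bool:
    """Return True only if value matches the known-good hostname grammar.
    Shell metacharacters such as ; | & $ ` and whitespace can never match."""
    return bool(HOSTNAME_RE.match(value))


def build_vulnerable_command(host: str) -> str:
    """The 'before' form: the external value is pasted into a shell command
    string. Executing this with shell=True lets metacharacters in `host`
    change what runs. Shown only to contrast with run_ping_safely."""
    return f"ping -c 1 {host}"


def run_ping_safely(host: str) -> list:
    """Validate first, then build argv as a list so the hostname is handed to
    the program as one literal argument and no shell ever parses it.
    Returns the argv that would be executed (execution itself is commented
    out so the example runs offline)."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    argv = ["ping", "-c", "1", host]
    # subprocess.run(argv, check=True, timeout=5)
    return argv


def echo_literal(arg: str) -> str:
    """Demonstrates the argv-list property with a harmless program: the
    metacharacters in `arg` reach echo as plain text, not as a second command."""
    result = subprocess.run(["echo", arg], capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")
```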

6) SQL Injection

SQL injection attacks are frequently used in web-based attacks on database-driven websites. SQL is the query language used by most relational databases. SQL injection vulnerabilities allow an attacker to trick the application into running malicious SQL code on the site’s database. They are typically caused by inadequate input sanitization.

SQL injection vulnerabilities may allow an attacker to modify data, subvert application logic, and even elevate their privileges to gain root access to the machine.

SQL injection is a common attack method for hackers of all expertise levels. Because SQL flaws are rather easy to detect, a business can find itself fending off multiple SQL injection attacks on a regular basis.
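The root cause and its fix are easiest to see side by side: a query built by string formatting lets quotes in the input become SQL, while a parameterized query sends the same input as a bound value that the database never parses. This is an added example using Python’s built-in sqlite3 module, not code from the original article; the table, the row and the probe string are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with a single user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.execute("INSERT INTO users (name, role) VALUES ('alice', 'admin')")
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str):
    """The 'before' form: the input is interpolated into the SQL text, so a
    quote in `name` closes the literal and the rest is parsed as SQL."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchone()


def find_user_safe(conn: sqlite3.Connection, name: str):
    """Parameterized query: the driver binds `name` as data. The SQL text is
    fixed, so no character in the input can alter the statement's structure."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchone()


# Constructed test input of the kind a scanner sends: it closes the string
# literal and appends an always-true condition.
PROBE = "x' OR '1'='1"


def compare(conn: sqlite3.Connection) -> dict:
    """Run the same probe through both functions so the difference is visible."""
    return {
        "vulnerable": find_user_vulnerable(conn, PROBE),
        "safe": find_user_safe(conn, PROBE),
    }
```

The vulnerable variant returns alice’s row for an input that matches no user, which is exactly the behaviour a SQL injection scanner looks for; the parameterized variant returns nothing.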