Industry News
PRE-ATT&CK Techniques: The Key to Preventing Cyber Attacks
Cyber attackers are now targeting any kind of information that can reward them: from personal data to corporate information to government secrets. However, behind each attack, there is a long chain of thoroughly selected actions.
While most organizations focus their attention on protecting the perimeter of their corporate network, the cybersecurity experts from MITRE advise expanding their ability to understand the behavior of adversaries.
Hackers select their victims long before their attack and carefully collect information about them before executing any malicious actions. Nowadays, the internet provides them with a great variety of data about almost any company, so adversaries can learn enough not only about a company’s activity but also about its cybersecurity weak spots.
To help security officers understand how hackers choose their victims and prevent an attack before it even begins, MITRE, a non-profit corporation that tackles cybersecurity problems, has created the PRE-ATT&CK matrix that is a part of the Adversarial Tactics, Techniques, and Common Knowledge, also known as the ATT&CK framework.
What is the PRE-ATT&CK matrix?
PRE-ATT&CK allows security officers to prevent a possible attack before an adversary penetrates into their network. The PRE-ATT&CK matrix contains 15 tactics and more than 150 techniques that explain the adversary planning, information gathering, reconnaissance, and setup when preparing their attack.
The tactics in PRE-ATT&CK explain the typical adversarial techniques and procedures for selecting a victim, obtaining information about it, and launching the cyber attack. This information provides security officers with a broader understanding of adversary behavior before any indicators of compromise appear.
PRE-ATT&CK allows security officers to find answers on the following questions:
- Are there any signs that cyber attackers are targeting your organization?
- What adversary techniques may an attacker apply to your company?
- How can you analyze the collected data to notice a hacker’s interest into your organisation?
Analyzing the PRE-ATT&CK techniques and tactics, defenders can get a better understanding of cyber attacker activities. They can use this knowledge to make appropriate decisions on what technical measures and mitigations to adopt in order to reduce hacker’s chances on properly preparing an attack on their organization.
How to use the PRE-ATT&CK matrix
The PRE-ATT&CK matrix provides detailed information about how adversaries prepare for arranging a cyber attack. The PRE-ATT&CK tactics explain what goals an aversary sets for themselves, while each technique shows how these goals can be achieved. The tactics in PRE ATT&CK reflect such attacker goals:
- Priority definition
- Victim selection
- Gathering information about a victim
- Victim weakness identification
- Persona development
- Capabilities setup
The PRE-ATT&CK techniques show how adversaries perform each tactic and allow enterprise defenders to track and organize attack statistics and patterns.
Priority definition
Using this tactic, an adversary weighs all the pros and cons of arranging an attack. They set their goals by considering how the information they are getting can benefit them and what kind of information has the biggest value for them. At this stage, cyber criminals compare the cost of cyber intrusions with the expected reward from their activity.
Victim selection
Taking into account their priorities, adversaries begin to look for their victims. They take their strategic considerations and then narrow them down tactically and operationally until a victim is selected. Depending on their target, adversaries can decide to attack it directly or through business partners. However, for making the right decision, hackers usually need to collect all possible information about their target.
Gathering information about the victim
After adversaries select their victim, they can’t blindly execute an attack. They first need to gather all information about their target: the type of technical system the victim uses, the personnel that works for the victim, and the victim organization itself.
Attackers usually collect information about their victims by using open-source intelligence tools and techniques. Such data about a victim as organization’s domains, email address format, names of top personnel can be freely found online by combining phishing and social engineering techniques.
While organizations can’t minimize their presence on the internet nowadays, security officers can consider how the public data of their company may be abused and define vectors of possible attacks.
Identifying victim weaknesses
By analyzing all the data collected at the previous stage, adversaries can find potential weaknesses of their victim. The discovered vulnerabilities become the basis of creating a plan of the attack. Weakness identification also allows adversaries to test and configure their own systems for attack execution.
At this stage, defenders can consider the Pyramid of Pain that will help them define the importance of indicators of compromise.
Persona development
Though the internet is a place where you can find everyone, it’s also a place where anyone can create a fake persona. A hacker can develop their persona by providing a fake email address and personal information to one of the social media sites. Getting in contact with a potential victim, an adversary can gain greater access to the victim’s personal profile with an intention to abuse this data later.
Unfortunately, most social media don’t inform their users whether someone viewed their profile. However, organizations can establish tight privacy control for their corporate accounts in social media by establishing trusted connections, blocking suspicious content, and educating their employees.
Capabilities setup
After getting in contact with potential victims, an adversary will establish capabilities for arranging an attack. Though some cyberc riminals may be really technology-savvy, most of them look for the easiest way to maintain their own internet infrastructure.
There are plenty of cost-effective ways to anonymously use servers, autonomous systems, and networks. Adversaries often abuse this anonymity for achieving their malicious goals. Paying just several dollars per month, they can get a virtual presence enough for compromising your organization.
Even if your logs detected adversarial activity from a specific server, it would be very difficult to legally pursue that source because of the lack of evidence. Though it may seem nearly impossible to detect an adversary at this stage of the cyber attack, security teams should pay attention to behavioral patterns that indicate hacker’s activity.
While PRE-ATT&CK describes only the adversarial behavior before an attack, MITRE has recently integrated some PRE-ATT&CK techniques into ATT&CK to let security teams define the potential vectors of attacks on their organizations and improve their security measures accordingly.
Enterprises that integrate PRE-ATT&CK into their security best practices can significantly enhance their protection measures and prevent adversaries long before they actually begin their malicious campaigns.
Conclusion
It’s not a secret that cyber attacks are now more targeted than any time before. Cyber criminals carefully select their next victim and conduct a thorough investigation before penetrating into your corporate network. Using the PRE-ATT&CK matrix from MITRE, security teams can reveal the early signs of adversarial behavior and prevent an attack before hackers compromise your organization.
This article is a contribution from Marcell Gogan. Marcell is a specialist within digital security solutions, business design and development, virtualization and cloud computing, R&D projects, establishment and management of software research direction – working with Ekran System. He also loves writing about data management and cybersecurity.
Industry News
Europe Sports Betting Market Size, Share & Trends Analysis Report 2024-2030 Featuring Bet365, William Hill, Betfair, Paddy Power, 888sport, Bwin, Unibet, Ladbrokes, MGM, and Betsson
The “Europe Sports Betting Market Size, Share & Trends Analysis Report by Type, Platform, Sports Type (Football, Basketball, Baseball, Horse Racing, Cricket, Hockey, Others), Country, and Segment Forecasts, 2024-2030” report has been added to ResearchAndMarkets.com’s offering.
The Europe sports betting market size is anticipated to reach USD 65.54 billion by 2030 and is expected to expand at a CAGR of 9.9% from 2024 to 2030
The globalization of sports and the integration of international leagues and tournaments into European betting markets have fueled the growth of sports betting. Major sporting events such as the FIFA World Cup, UEFA European Championship, Wimbledon, and the Olympics attract widespread attention and betting interest from European consumers, driving significant betting volumes and revenues for sports betting operators, thus driving the growth of the sports betting market in Europe.
The COVID-19 pandemic had a negative impact on the European sports betting market. The cancellation or postponement of sports events during the pandemic restrained the market growth. With major tournaments, leagues, and competitions either suspended or canceled outright, the absence of live sports events severely diminished consumer betting opportunities. It led to a significant decline in betting volumes and revenues for sports betting operators.
The presence of favorable betting policies in the region is driving the growth of the sports betting market in the region. Many European countries, such as the UK, Ireland, Denmark, and France, have progressive policies promoting a competitive and well-regulated betting market. It facilitates the entry of new operators into the market and encourages competition, leading to innovation, improved services, and better value for consumers.
Moreover, established responsible gambling initiatives and regulatory bodies in Europe, such as the European Gaming & Betting Association, help build trust and confidence among consumers by promoting responsible gambling practices, ensuring fairness and transparency in betting operations, and providing avenues for dispute resolution, to protect consumers and maintain the integrity of the betting market, thus driving the growth of sports betting market in the region.
Europe Sports Betting Market Report Highlights
- Based on the type of betting, the fixed odd wagering segment accounted for the highest revenue share of 27.7% in 2023 due to the stability and predictability of the payouts
- Based on platform, the online segment dominated the market in 2023 and is expected to grow at a significant CAGR from 2024 to 2030. It can be attributed to the collaborations between sports teams, leagues, and betting companies, thus increasing the visibility of sports betting and attracting a larger customer base.
- In terms of sports type, the football segment accounted for the largest revenue share in 2023. It can be attributed to the popularity of football in Europe due to popular football clubs like Real Madrid, Liverpool FC, FC Barcelona, and Manchester United.
- The UK held a significant share of 34.6% in 2023 and is expected to grow at a significant CAGR during the forecast period. Favorable gambling policies in the country drive the market’s growth.
Company Profiles
- Bet365
- Ali William Hill
- Betfair
- Paddy Power
- 888sport
- Bwin
- Unibet
- Ladbrokes
- MGM Resorts International
- Betsson
Key Attributes:
Report Attribute | Details |
No. of Pages | 80 |
Forecast Period | 2023 – 2030 |
Estimated Market Value (USD) in 2023 | $33.75 Billion |
Forecasted Market Value (USD) by 2030 | $65.54 Billion |
Compound Annual Growth Rate | 9.9% |
Regions Covered | Europe |
Key Topics Covered:
Chapter 1. Methodology and Scope
Chapter 2. Executive Summary
2.1. Market Outlook
2.2. Segment Outlook
2.3. Competitive Insights
Chapter 3. Europe Sports Betting Market Variables, Trends & Scope
3.1. Market Lineage Outlook
3.1.1. Parent market outlook
3.1.2. Related/ancillary market outlook
3.2. Market Dynamics
3.2.1. Market driver analysis
3.2.1.1. Increasing number of sport events
3.2.1.2. Growing number of sporting events and leagues in Europe
3.2.2. Market restraint analysis
3.2.2.1. Lack of unified regulations
3.2.3. Market opportunity analysis
3.2.3.1. Growth in E-sports audience
3.3. Europe Sports Betting Market Analysis Tools
3.3.1. Industry Analysis – Porter’s
3.3.2. PESTEL Analysis
Chapter 4. Europe Sports Betting Market: Platform Estimates & Trend Analysis
4.1. Platform Market Share, 2023 & 2030
4.2. Segment Dashboard
4.3. Europe Sports Betting Market by Platform Outlook
4.4. Market Size & Forecasts and Trend Analyses, 2018 to 2030
4.4.1. Offline
4.4.2. Online
Chapter 5. Europe Sports Betting Market: Type Estimates & Trend Analysis
5.1. Type Market Share, 2023 & 2030
5.2. Segment Dashboard
5.3. Europe Sports Betting Market by Type Outlook
5.4. Market Size & Forecasts and Trend Analyses, 2018 to 2030
5.4.1. Fixed odds wagering
5.4.2. Exchange Betting
5.4.3. Live/In Play Betting
5.4.4. eSports Betting
5.4.5. Others
Chapter 6. Europe Sports Betting Market: Sports Type Estimates & Trend Analysis
6.1. Sports Type Market Share, 2023 & 2030
6.2. Segment Dashboard
6.3. Europe Sports Betting Market by Sports Type Outlook
6.4. Market Size & Forecasts and Trend Analyses, 2018 to 2030
6.4.1. Football
6.4.2. Basketball
6.4.3. Baseball
6.4.4. Horse Racing
6.4.5. Cricket
6.4.6. Hockey
6.4.7. Others
Chapter 7. Europe Sports Betting Market: Regional Estimates & Trend Analysis
7.1. Regional Market Share Analysis, 2023 & 2030
7.2. Regional Market Dashboard
7.3. Regional Market Snapshot
7.4. Market Size, & Forecasts Trend Analysis, 2018 to 2030
7.4.1. UK
7.4.2. Germany
7.4.3. France
7.4.4. Italy
Chapter 8. Competitive Landscape
8.1. Recent Developments & Impact Analysis, By Key Market Participants
8.2. Company/Competition Categorization
8.3. Vendor Landscape
8.3.1. List of key distributors and channel partners
8.3.2. Key customers
8.4. Company Profiles
For more information about this report visit researchandmarkets.com
Industry News
Leading online slot developer announces launch of Snoop’s High Rollers which will go live exclusively with popular crypto sportsbook and casino
Gaming Corps, a publicly listed game development company based in Sweden, has signed a major deal that will see it launch an exclusive slot game in collaboration with rap legend, Snoop Dogg. The game will drop exclusively on Roobet, the online casino where Snoop Dogg is a brand ambassador.
Snoop Dogg needs no introduction. He made his music industry debut when he appeared on Dr Dre’s 1992 album, The Chronic, and has since sold more than 50 million albums worldwide. He’s also made several movie and TV show appearances, making him one of the most iconic artists of all time.
The game is “Snoop’s High Rollers” and allows players to experience what it’s like to live life as a music legend. The soundtrack is inspired by Snoop’s early and later works and the main man has also narrated parts of the game to really bring it to life.
Snoop has also played a part in creating the gameplay, hand-picking mechanics and bonus features to really put his stamp on the game. Roobet has also got in on the action, leading to a unique online slot that will soar to the top of the charts among its players.
Snoop’s High Rollers will make its debut exclusively on Roobet, the crypto casino and sportsbook that has taken the market by storm since its launch in 2019. The casino’s team has put a comprehensive marketing strategy behind the game with plans to use it to drive new customer acquisition at scale.
“It is with much pride that we at Gaming Corps have had the chance to develop a game in close collaboration with Snoop Dogg and Roobet, where we have combined our unique gaming perspective with Snoop Dogg’s unparalleled style and charisma,” Juha Kauppinen, Gaming Corps CEO, said:-
“Our vision is to offer players an experience where music, culture and gaming merge into something extraordinary. Our close collaboration with Roobet has enabled us to do the impossible, namely world-class marketing, game release is planned for 20 of April. We’re thrilled, and discussions are already underway about several game concepts!”
Anthony Brennan, Head of Partnerships at Roobet, added: “Roobet loves pushing the envelope and never flinches at an opportunity to bring iGaming and pop culture together. Snoop loves his game, we love the game, and we’ve been delighted at the experience of building something that feels fresh in an industry full of remixes.
“We can’t say enough nice things about the Gaming Corps team, and we’re excited to hear what the gaming community has to say!”
Industry News
IDnow Bridges the AI-human Divide with New Expert-led Video Verification Solution
IDnow, a leading identity verification provider in Europe, has unveiled VideoIdent Flex, a new version of its expert-led video verification service that blends advanced AI technology with human interaction. The human-based video call solution, supported by AI, has been designed and built to boost customer conversion rates, reduce rising fraud attempts, increase inclusivity, and tackle an array of complex online verification scenarios, while offering a high-end service experience to end customers.
The company’s original expert-led product, VideoIdent, has been a cornerstone in identity verification for over a decade, serving the strictest requirements in highly regulated industries across Europe. VideoIdent Flex, re-engineered specifically for the UK market, represents a significant evolution, addressing the growing challenges of identity fraud, compliance related to Know-Your-Customer (KYC) and Anti-Money Laundering (AML) processes and ensuring fair access and inclusivity in today’s digital world outside of fully automated processes.
As remote identity verification becomes more crucial yet more challenging, VideoIdent Flex combines high-quality live video identity verification with hundreds of trained verification experts, thus ensuring that genuine customers gain equal access to digital services while effectively deterring fraudsters and money mules. Unlike fully automated solutions based on document liveness and biometric liveness features, this human-machine collaboration not only boosts onboarding rates and prevents fraud but also strengthens trust and confidence in both end users and organisations. VideoIdent Flex can also serve as a fallback service in case a fully automated solution fails.
Bertrand Bouteloup, Chief Commercial Officer at IDnow, said: “VideoIdent Flex marks a groundbreaking advancement in identity verification, merging AI-based technology with human intuition. In a landscape of evolving fraud tactics and steady UK bank branch closures, our solution draws on our decade’s worth of video verification experience and fraud insights, empowering UK businesses to maintain a competitive edge by offering a white glove service for VIP onboarding. With its unique combination of KYC-compliant identity verification, real-time fraud prevention solutions, and expert support, VideoIdent Flex is a powerful tool for the UK market.”
Whereas previously firms may have found video identification solutions to be excessive for their compliance requirement or out of reach due to costs, VideoIdent Flex opens up this option by customising checks as required by the respective regulatory bodies in financial services, mobility, telecommunications or gaming, to offer a streamlined solution fit for every industry and geography.
Bouteloup added: “Identity verification is incredibly nuanced; it’s as intricate as we are as human beings. This really compounds the importance of adopting a hybrid approach to identity – capitalising on the dual benefits of advanced technology when combined with human knowledge and awareness of social cues. With bank branches in the UK closing down, especially in the countryside, and interactions becoming more and more digital, our solution offers a means to maintain a human relationship between businesses and their end customers, no matter their age, disability or neurodiversity.
“VideoIdent Flex is designed from the ground up for organisations that cannot depend on a one-size-fits-all approach to ensuring their customers are who they say they are. In a world where fraud is consistently increasing, our video capability paired with our experts adds a powerful layer of security, especially for those businesses and customers that require a face-to-face interaction.”
-
Compliance Updates5 days ago
Bet on Compliance: Navigating the Stakes with the UK’s Affordability Checks
-
Industry News4 days ago
Real Dealer Studios: Offering a fresh spin on classic roulette
-
Industry News5 days ago
Cheltenham and Grand National 2025 start now
-
eSports4 days ago
Denis ‘electroNic’ Sharipov is a New Virtus.pro Player
-
Gambling in the USA5 days ago
Gaming Americas Weekly Roundup – April 8-14
-
Asia4 days ago
Aurora Gaming Crowned Champions of $350,000 Skyesports Masters 2024, Earns Spot in Skyesports Championship
-
eSports4 days ago
NODWIN Gaming Partners with Global Esports Federation as Portfolio Management Company for Key Emerging Markets
-
Asia5 days ago
Asian Regional Qualifiers Host Announced