The MITRE ATT&CK framework provides an invaluable structure for understanding the tactics, techniques, and procedures (TTPs) used by advanced threat actors. Security Command Center (SCC), Google Cloud's security and risk management platform, offers robust capabilities for detecting and mitigating these threats. In this post, we'll delve into how to map the MITRE ATT&CK technique of Resource Hijacking (T1496) to SCC findings, potentially augmented with Google Chronicle for enhanced visibility.
Understanding Resource Hijacking (T1496)
Resource hijacking occurs when adversaries take over publicly exposed resources and use them for their own purposes. A common example is cryptojacking, where attackers compromise systems to illicitly mine cryptocurrency using the victim's computing power.
The Power of SCC: Detection and Response
Security Command Center helps identify and respond to resource hijacking attempts in several ways:
Findings identified in SCC are tagged with their associated MITRE ATT&CK categories, and the Finding Query Editor can be used to search for them.
Each mapped finding contains additional details about its respective MITRE ATT&CK category.
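To show what that tagging looks like in practice, here is an added Python example (not code from the post or from Google): it builds a Query Editor filter for T1496 and triages a constructed sample of findings by the mitreAttack block SCC attaches to each one. The filter syntax, the project, zone and instance names, and the detector categories in the sample are assumptions, not values from the page.

```python
import json
from typing import Any, Dict, List

# SCC records ATT&CK mappings in Finding.mitre_attack; T1496 appears there
# under the enum name RESOURCE_HIJACKING.
T1496 = "RESOURCE_HIJACKING"


def t1496_filter() -> str:
    """Finding Query Editor filter for active findings whose primary
    technique is T1496 (filter syntax assumed; verify it in the console)."""
    return f'state="ACTIVE" AND mitre_attack.primary_technique="{T1496}"'


def is_resource_hijacking(finding: Dict[str, Any]) -> bool:
    """True if T1496 is the primary technique or listed as an additional one."""
    mitre = finding.get("mitreAttack", {})
    return (mitre.get("primaryTechnique") == T1496
            or T1496 in mitre.get("additionalTechniques", []))


def triage(findings: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Group T1496-mapped findings by affected resource and list the SCC
    detector categories that fired on it, in input order."""
    by_resource: Dict[str, List[str]] = {}
    for f in findings:
        if is_resource_hijacking(f):
            by_resource.setdefault(f["resourceName"], []).append(f["category"])
    return by_resource


# Constructed sample in the JSON shape of an SCC findings export. Project,
# zone and instance names are placeholders; categories are illustrative.
VM1 = "//compute.googleapis.com/projects/demo-project/zones/us-central1-a/instances/vm-1"
VM2 = "//compute.googleapis.com/projects/demo-project/zones/us-central1-a/instances/vm-2"
SAMPLE_FINDINGS: List[Dict[str, Any]] = [
    {"category": "Execution: Cryptocurrency Mining Hash Match", "severity": "HIGH",
     "resourceName": VM1,
     "mitreAttack": {"primaryTactic": "IMPACT", "primaryTechnique": T1496}},
    {"category": "Malware: Cryptomining Bad Domain", "severity": "HIGH",
     "resourceName": VM1,
     "mitreAttack": {"primaryTactic": "EXECUTION",
                     "primaryTechnique": "COMMAND_AND_SCRIPTING_INTERPRETER",
                     "additionalTechniques": [T1496]}},
    {"category": "Discovery: Service Account Self-Investigation", "severity": "LOW",
     "resourceName": VM2,
     "mitreAttack": {"primaryTactic": "DISCOVERY",
                     "primaryTechnique": "PERMISSION_GROUPS_DISCOVERY"}},
]

if __name__ == "__main__":
    print(t1496_filter())
    print(json.dumps(triage(SAMPLE_FINDINGS), indent=2))
```

Checking additionalTechniques as well as primaryTechnique matters: a finding whose primary mapping is execution or command-and-control can still carry T1496 as a secondary technique and would be missed by a primary-only filter.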
Augmenting SCC with Chronicle
Chronicle's powerful SIEM capabilities enhance analysis and historical context when used alongside SCC:
By mapping these detection capabilities to the ATT&CK framework, you establish a common language for understanding and responding to resource hijacking threats. This mapping helps you:
The threat landscape constantly evolves. Staying informed about the ATT&CK framework and continuously mapping security findings to it empowers you to proactively adjust your detection and mitigation strategies.
Useful Links and Resources:
SCC best practices for stopping crypto mining attacks
https://cloud.google.com/security-command-center/docs/cryptomining-detection-best-practices
VM Threat Detection
https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview
Query Findings in SCC
https://cloud.google.com/security-command-center/docs/how-to-build-findings-query-console
MITRE ATT&CK Framework
T1496 - Resource Hijacking