Decoding Cyber Threats in Education: A Deep Dive into TTPs using MITRE ATT&CK

Speakers

Lisa Deery - HEAnet
Olga Spillane - HEAnet

Introduction (5 minutes)

  • Welcome and introduction to the topic, emphasising the critical role of cybersecurity in protecting educational institutions.
  • Brief overview of the MITRE ATT&CK framework and its significance in understanding cyber threats.

The Evolution of Cyber Threats in Education (5 minutes)

  • Discussion on the rise of cyber threats targeting the educational sector, highlighting recent incidents and their impact.
  • Explanation of why educational institutions are attractive targets for cybercriminals, focusing on the wealth of personal and financial data they hold.

Unpacking TTPs with MITRE ATT&CK (10 minutes)

  • Detailed explanation of the MITRE ATT&CK framework, its components (tactics, techniques, and procedures), and how it helps in understanding adversary behaviour.
  • Live demonstration of navigating the MITRE ATT&CK matrix, showcasing how to identify and analyse TTPs relevant to the educational sector.
  • Case study: Mapping a recent cyber-attack on an educational institution to the MITRE ATT&CK framework to illustrate the practical application of the framework.

Operationalising MITRE ATT&CK for Threat Hunting (5 minutes)

  • Discussion on how security teams can operationalise the MITRE ATT&CK framework for proactive threat hunting and defence.
  • Highlighting the roles of threat intelligence, red, blue, and purple teams in utilising the framework effectively.

Bridging the Gap: From Identification to Mitigation (5 minutes)

  • Exploring how vulnerability scanning and penetration testing complement the use of MITRE ATT&CK in identifying security gaps.
  • Strategies for translating identified TTPs into actionable mitigation plans, including policy updates, technological enhancements, and staff training.

Conclusion and Interactive Q&A (5 minutes)

  • Recap of key points: the importance of understanding TTPs, the utility of the MITRE ATT&CK framework, and the path towards enhanced cybersecurity in education.
  • Opening the floor for questions and encouraging attendees to explore the MITRE ATT&CK framework further.

Q&A Session (5 minutes)

  • Addressing audience queries, providing clarifications, and discussing potential applications of the presented concepts.