
TTP (Tactics, Techniques and Procedures) 🟥 Operating procedure

The acronym TTP refers to all Tactics, Techniques and Procedures used by malicious actors to plan, execute and refine their attacks. TTP therefore refers to the modus operandi of cybercriminals: in other words, all the methods and approaches used to carry out their attacks.

These components provide an analytical framework enabling experts to understand the approach of cyber attackers, anticipate their actions and implement appropriate defences.

 


📌 Definition of TTP components

 

  • Tactics: they represent the attacker's overall objective, such as data theft or the disruption of a system.
  • Techniques: these are the specific methods used to achieve the tactical objective, such as the use of malware or the exploitation of vulnerabilities.
  • Procedures: the sequence of concrete actions taken to execute a technique, detailing the precise stages of the attack.

 


👉 Examples of common TTPs

 

Phishing

– Tactic: obtaining confidential information
– Technique: sending misleading e-mails
– Procedure: creating a fake website, writing a convincing e-mail, sending it en masse to potential victims, etc.

Denial of service attacks (DDoS)

– Tactic: disrupting the operation of a system
– Technique: flooding a server with traffic
– Procedure: use of a network of bots (botnet), attack synchronisation, targeting weak points in the infrastructure

Exploitation of vulnerabilities

– Tactic: taking control of a system
– Technique: use of known software vulnerabilities
– Procedure: scanning of systems to detect vulnerabilities, development of an exploit, malicious code execution

Lateral movement

– Tactic: extending access within a compromised network
– Technique: access token manipulation
– Procedure: compromising a user account, using tools such as Mimikatz to extract credentials, pivoting to other systems, etc.

 

Understanding TTPs is crucial for cybersecurity professionals. It enables more effective defences to be developed, improves intrusion detection and enables targeted countermeasures to be put in place against cyber threats.

 
