Skip Navigation
BlackBerry Blog

Top 20 MITRE ATT&CK Tactics Threat Actors Use Now

What are the top MITRE ATT&CK® tactics threat actors are using, and which methods are moving up or down in popularity? The BlackBerry Threat Research and Intelligence Team just revealed the answer, based on more than five million cyberattacks BlackBerry® technology stopped, and our threat researchers analyzed in the last 120 days.

The Value of Understanding Cyberattack Techniques

Ismael Valenzuela is Vice President of Threat Research and Intelligence at BlackBerry. He’s been in cybersecurity for more than two decades and is passionate about the global and geopolitical context of threats. In some cases, this informs which threat actors are targeting which types of organizations, and why.

“We have seen threat actors in Russia, in the past, targeting law firms here in the U.S. They are looking at mergers and acquisitions and using that information to play the stock market,” he recently shared on an episode of the Unsupervised Learning podcast. “All of these things have implications in the real world. And that is something that I am particularly obsessed with. I try to make this type of intelligence more digestible and more strategic, so organizations can prepare.” 

Another way to be strategic is to examine threat groups and their high-level tactics. This helps organizations decide which detection techniques should be prioritized. 

Top MITRE ATT&CK Tactics Threat Actors Are Using Now

In the most recent BlackBerry Global Threat Intelligence Report, our threat researchers observed the following top 20 MITRE techniques used by threat actors between Sept. 1 and Dec. 31, 2023. Here are top techniques:

The top three techniques are well known and are used by adversaries to gather key information to conduct successful attacks. In the Applied Countermeasures section of the report, there are some examples of their usage and other useful information for defenders to monitor.

Below are the top related tactics our threat researchers observed threat actors using:

The most prevalent tactic is privilege escalation, accounting for 26.5 percent of the total tactics observed during this reporting period, followed by discovery with 19.1 percent, and collection with 15.2 percent.

Trending Cyberattack Methods

Which of these cyberattack methods are “trending” and moving up the charts in popularity? Those details are in the chart below. An upward arrow in the last column indicates that usage of the technique has increased since our last report. A downward arrow indicates that usage has decreased since our last report. 

Applied Countermeasures to Popular Cyberattack Techniques

After analyzing the attackers’ techniques and tactics, the BlackBerry Threat Research and Intelligence Team created a helpful list of countermeasures for the five methods used most often. Go straight to page 28 of the BlackBerry Global Threat Intelligence Report to find these.

Our quarterly report has quickly become an important reference guide for both public and private organizations of all sizes. It also includes details on the recent surge in attacks against critical infrastructure, the rise of novel malware against certain industry verticals, and five cyberthreat trends to watch this year.

While it’s true threat actors use a seemingly endless number of tactics, knowing which ones are most prevalent can better help you plan your organization’s security strategy.  

For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
Bruce Sussman

About Bruce Sussman

Bruce Sussman is Senior Managing Editor at BlackBerry.