The MITRE Corporation has launched a behavior-based framework known as F3 to provide organizations with a structured knowledge base for identifying and countering fraudulent tactics. By mapping out specific techniques used in real-world attacks, the tool fosters global collaboration to improve the detection and prevention of cyber-enabled fraud.

The non-profit MITRE Corporation recently introduced a new strategic framework designed to assist organizations in the ongoing battle against fraudulent activity. Known as the Fight Fraud Framework, or MITRE F3, this curated knowledge base offers a behavior-based model that catalogs the tactics, techniques, and procedures used by fraudsters. It is built upon data from real-world attacks, providing a practical map for understanding how deceptive practices are used to illegally obtain money, assets, or sensitive information through digital channels.

This analyst-developed resource was created to serve as a structured and transparent tool that is both operationally relevant and accessible to the global community. By providing a common taxonomy for describing cyber fraud incidents, the framework aims to bridge the gaps between different institutions. The goal is to enable more effective collaboration among professionals, allowing them to share insights and coordinate their response to various financial threats more efficiently.

A significant aspect of MITRE F3 is its ability to detail specific behaviors that were previously missing from the well-known ATT&CK framework. It achieves this by introducing two distinct fraud-specific tactics known as positioning and monetization. These additions reflect the reality that fraud involves more than just gaining unauthorized access to a system; it also requires the careful manipulation of data and the eventual extraction of value from compromised assets.

The positioning tactic focuses on the actions taken after an initial compromise to prepare for the final stages of an attack, while monetization covers the specific methods threat actors use to convert stolen information or access into liquid value. These stages are critical because they represent the uniqueness of fraud, where the ultimate success of the criminal depends on moving and extracting wealth. By documenting these phases, the framework allows defenders to track fraudulent activity from the very beginning until the point of financial impact.

Beyond adding new tactics, MITRE F3 also adapts existing definitions from the ATT&CK framework to better fit the context of fraud. Core concepts such as reconnaissance, resource development, initial access, and defense evasion have been refined to reflect the specific nuances of financial crimes. This comprehensive approach ensures that security teams have a specialized set of tools to identify and disrupt the entire lifecycle of a fraudulent operation.

Source: https://ctid.mitre.org/fraud/#/matrix