What is MITRE ATT&CK Matrix (Matrices) for Mobile?

The MITRE ATT&CK framework breaks down the lifecycle of a cyberattack into a set of objectives that an attacker may need to complete and methods for accomplishing them. While the Enterprise Matrix is the most famous component of the MITRE ATT&CK framework, it also includes Matrices focused on mobile devices.

Schedule a Demo Mobile Security Report

Inside the Escalating Mobile Security Threat Landscape

Mobile devices are increasingly becoming employees’ system of choice for doing their work. According to a forecast by IDC, the number of US mobile workers will increase to 93.5 million by 2024, constituting 60% of the workforce.


As mobile devices become more vital to business operations, they are also a growing focus of cybercriminals. According to Check Point Research, 97% of organizations have experienced threats to their mobile devices, and 46% have had an employee download a malicious mobile app that put the company at risk.


As mobile devices become an increasingly important and threatened part of the corporate environment, companies need to take steps to better secure them. The Mobile Matrices in the MITRE ATT&CK framework can help with this.

Introduction to MITRE ATT&CK’s Mobile Matrices

The Mobile section of the MITRE ATT&CK framework includes a few different Matrices. Platform-specific Matrices exist for iOS and Android devices, and a general Mobile Matrix covers threats to both. LIke the Enterprise Matrix, the Mobile Matrices in the MITRE ATT&CK framework are organized as hierarchies.


The top levels of these hierarchies are:


  • Tactics: MITRE ATT&CK Tactics are the goals an attacker might need to reach during their attack. These include obtaining initial access to a system, evading defenses, data collection, and similar attack stages.
  • Techniques: Techniques are specific methods for reaching the goals of a certain Tactic. For example, phishing attacks are a Technique used to achieve Initial Access to an environment.


At the Tactic level, the MITRE ATT&CK Mobile Matrices are largely identical to the Enterprise Matrix. They share eleven of their Tactics, but the Enterprise Matrix has recently been updated to include two new Tactics. These cover Pre-ATT&CK stages that previously existed in their own Matrix.


Below the Tactic level, the Mobile Matrices is very different from the Enterprise one. The Techniques it contains are focused on mobile-specific attack vectors. More general threats to mobile devices are not covered in these Matrices since they are included in the Enterprise Matrix. A comprehensive view of the potential threats to enterprise mobile devices combines the threats described in the Enterprise matrix with those contained within the Mobile matrices.


The Mobile Matrices also differ from the Enterprise one in their lack of Sub-Techniques. This is a relatively new feature, and the Mobile Matrices have not yet been updated to include them.

Leveraging the MITRE ATT&CK Mobile Matrices

The MITRE ATT&CK framework outlines the various ways in which an attacker can achieve objectives throughout the lifecycle of a cyberattack. For each Technique in the Mobile Matrices, MITRE provides a wealth of information about how the Technique works, how to detect it, and ways to prevent or respond to it.


This information can be utilized to develop a mobile security strategy or evaluate an organization’s existing mobile security solutions. By working through the different Tactics and Techniques, an organization can test its defenses and identify any potential gaps.


Ideally, an organization should have in place solutions that can detect, prevent, or respond to every Technique for every Tactic in the MITRE ATT&CK Mobile Matrices. If this is not the case, then, the organization’s mobile devices – and the data that they contain – are at risk.

Defending Against Mobile Threats with Check Point

Mobile security is a growing concern for any organization. The sudden surge in remote work only accelerated an existing trend toward the use of mobile devices for business. Cybercriminals have taken note and are increasingly targeting mobile devices in their attacks.

The MITRE ATT&CK Mobile Matrices highlight a number of different methods by which an attacker could achieve their objectives on mobile devices. Effective mobile security requires the ability to identify and defend against all of these potential attack vectors.


Check Point’s Harmony Mobile is an industry-leading mobile security solution with robust protection against the threats outlined in the MITRE ATT&CK Mobile Matrices. Read about how Harmony Mobile was recently recognized by Gartner for offering Mobile Security Capabilities as Part of an EPP or UES Offering as well as All-Round Mobile Threat Defense Capabilities.

Effective mobile security requires an understanding of mobile threats. To learn more about the modern mobile threat landscape, check out Check Point’s Mobile Security Report. You can also find out more about Harmony Mobile and request a demo to learn how Check Point can help improve your organization’s mobile security.

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.