MITRE F3 Unites Fraud & Cyber Teams Against Financial Crime

MITRE has rolled out a new framework, the Fight Fraud Framework (F3), designed to bridge the chasm between fraud investigators and cybersecurity analysts. According to Cyber Threat Intelligence, this framework provides a shared language and structure to detect and disrupt financial fraud campaigns across the entire attack lifecycle, a critical need given the massive surge in financial fraud losses, which hit $16.6 billion in the US in 2024.

F3 is a behavior-based model, organizing fraudster tactics and techniques from real-world incidents. It expands on the established MITRE ATT&CK framework by introducing two new tactics: ‘Positioning’ and ‘Monetization’. Positioning covers post-access adversary actions, like data collection or preparing for execution, while Monetization addresses the conversion of stolen assets into usable funds. These additions are crucial because they directly reflect the financial end-goal inherent to fraud that distinguishes it from other cyberattacks.

Where ATT&CK techniques already exist, F3 leverages them directly, adapting definitions for fraud-specific outcomes. New, fraud-specific techniques outside ATT&CK receive F1XXX-series designations, ensuring compatibility with the broader ATT&CK schema. This approach moves beyond traditional rule-based fraud detection, offering a more dynamic, behavior-centric model to identify and combat sophisticated fraud operations.