New research establishes common language for detecting and preventing cyber-enabled fraud.
MITRE’s Center for Threat-Informed Defense Launches Framework to Combat Financial Fraud
McLean, Va., and Bedford, Mass., April 9, 2026 — Financial fraud is costing banks billions annually, reaching $13.7 billion in 2024 alone, placing growing strain on institutions tasked with combating increasingly sophisticated cybercriminals. MITRE’s Center for Threat-Informed Defense (CTID) has released new research designed to help financial institutions better understand, detect, and prevent fraud through a shared framework of adversary behaviors.
The research introduces the MITRE Fight Fraud Framework™ (F3), a first-of-its-kind effort to define and standardize the tactics and techniques used in cyber-enabled financial fraud. While organizations often share threat intelligence, differences in detection methods and defensive capabilities limit its effectiveness.
“Effective defense starts with a shared understanding of real-world adversary behavior,” said Leslie Anderson, chief cyber strategist and head of threat-informed defense programs, MITRE. “Through collaborative research, we’re able to ground our work in operational experience and deliver practical frameworks that organizations can apply immediately to strengthen their defenses.”
MITRE F3 was developed through MITRE’s Center for Threat-Informed Defense (CTID) and CTID member-powered collaboration. CTID gratefully acknowledges the significant contributions and deep expertise provided by the Aviation Information Sharing and Analysis Center (A-ISAC), Citi, CrowdStrike, Financial Services ISAC (FS-ISAC), JPMorganChase, Lloyds Banking Group, Marsh, National Retail Federation (NRF), Retail & Hospitality ISAC (RH-ISAC), Standard Chartered, and Verizon Business toward the development of MITRE F3. CTID further recognizes Group-IB as a key data contributor whose insights and contributions supported the development of F3.
From Reactive to Proactive Fraud Defense
Fraud actors often blend traditional cyber techniques with domain-specific fraud tactics, making a unified cyber-fraud framework essential. F3 helps defenders connect technical signals to real-world fraud events, enabling a shift from reactive response to proactive defense.
The methodology and detailed mappings are freely available through CTID’s research resources, enabling organizations of all sizes to apply the framework, strengthen defenses, and validate controls against evolving threats. As the research evolves, CTID members and collaborators will continue to expand it with additional techniques, data sources, and mitigations, extending its applicability beyond banking.
Building on the Success of ATT&CK
MITRE’s ATT&CK® framework has become a cornerstone of modern cybersecurity, providing a globally adopted knowledge base of adversary tactics and techniques. F3 builds on that proven model, extending it to the financial sector, where fraud has lacked a unified taxonomy despite its widespread impact.
By establishing a common language, F3 enables fraud analysts and cyber defenders to more effectively share insights, align defenses, and improve outcomes across institutions.
Accessible, Community-Driven Research
The methodology and detailed mappings are freely available through CTID’s research resources, giving organizations of all sizes the tools to strengthen fraud defenses, model adversary behavior, and validate controls against evolving threats. Contributions from leading financial institutions and security vendors help ensure the research reflects real-world fraud activity across complex environments.
This initiative underscores MITRE’s commitment to advancing threat-informed defense through collaboration and public benefit. CTID works with organizations that contribute to and apply this research, strengthening both their own defenses and the broader community. Fraud and cybersecurity professionals are encouraged to explore the research, apply it within their environments, and engage with CTID to help advance and expand this work.
Access F3 research at https://ctid.mitre.org/fraud.
About The Center for Threat-Informed Defense
The Center for Threat-Informed Defense is a non-profit research and development consortium operated by MITRE. Its mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Composed of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, a foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. See https://ctid.mitre.org.
About MITRE
MITRE’s mission-driven teams are dedicated to driving solutions to our nation’s most pressing challenges. As a not-for-profit research and development organization, MITRE’s staff leverage our unique multi-sponsor vantage point, systems expertise, and innovative solutions to ensure the health, prosperity, and security of our nation.
Media Contact: Sarah Lytle, media@mitre.org