CAPEC-529: Malware-Directed Internal Reconnaissance
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.
Prerequisites
- The adversary must have internal, logical access to the target network and system.
Skills Required
Resources Required
- The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected.
Consequences
Scope: Confidentiality
Technical Impact: Read Data
Mitigations
- Keep patches up to date by installing them weekly, or daily if possible.
- Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.