Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reasons for Defacement include delivering messaging, intimidation, or claiming (possibly false) credit for an intrusion. Disturbing or offensive images may be used as a part of Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages.
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-3 | Access Enforcement | Protects | T1491 | Defacement |
AC-6 | Least Privilege | Protects | T1491 | Defacement |
CM-2 | Baseline Configuration | Protects | T1491 | Defacement |
CP-10 | System Recovery and Reconstitution | Protects | T1491 | Defacement |
CP-2 | Contingency Plan | Protects | T1491 | Defacement |
CP-7 | Alternate Processing Site | Protects | T1491 | Defacement |
CP-9 | System Backup | Protects | T1491 | Defacement |
SI-3 | Malicious Code Protection | Protects | T1491 | Defacement |
SI-4 | System Monitoring | Protects | T1491 | Defacement |
SI-7 | Software, Firmware, and Information Integrity | Protects | T1491 | Defacement |
attribute.availability.variety.Obscuration | Conversion or obscuration (ransomware) | related-to | T1491 | Defacement |
attribute.integrity.variety.Defacement | Deface content | related-to | T1491 | Defacement |
Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1491.002 | External Defacement | 12 |
T1491.001 | Internal Defacement | 12 |