T1499.004 Application or System Exploitation Mappings

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. (Citation: Sucuri BIND9 August 2015) Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent denial of service (DoS) condition.

Adversaries may exploit known or zero-day vulnerabilities to crash applications and/or systems, which may also lead to dependent applications and/or systems to be in a DoS condition. Crashed or restarted applications or systems may also have other effects such as Data Destruction, Firmware Corruption, Service Stop etc. which may further cause a DoS condition and deny availability to critical information, applications and/or systems.

View in MITRE ATT&CK®

VERIS Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
action.hacking.variety.DoS Denial of service related-to T1499.004 Endpoint Denial of Service: Application or System Exploitation
action.malware.variety.DoS DoS attack related-to T1499.004 Endpoint Denial of Service: Application or System Exploitation
attribute.availability.variety.Degradation Performance degradation related-to T1499.004 Endpoint Denial of Service: Application or System Exploitation
attribute.availability.variety.Loss Loss related-to T1499.004 Endpoint Denial of Service: Application or System Exploitation

AWS Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
aws_config AWS Config technique_scores T1499.004 Application or System Exploitation
Comments
The "elb-cross-zone-load-balancing-enabled" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. "cloudfront-origin-failover-enabled" can verify that failover policies are in place to increase CloudFront content availability. Coverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.
References