Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. (Citation: Sucuri BIND9 August 2015) Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent denial of service (DoS) condition.
Adversaries may exploit known or zero-day vulnerabilities to crash applications and/or systems, which may also leave dependent applications and/or systems in a DoS condition. Crashed or restarted applications or systems may also have other effects, such as Data Destruction, Firmware Corruption, or Service Stop, which may further cause a DoS condition and deny availability to critical information, applications and/or systems.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CA-07 | Continuous Monitoring | mitigates | T1499.004 | Application or System Exploitation | |
CM-06 | Configuration Settings | mitigates | T1499.004 | Application or System Exploitation | |
SI-10 | Information Input Validation | mitigates | T1499.004 | Application or System Exploitation | |
SI-15 | Information Output Filtering | mitigates | T1499.004 | Application or System Exploitation | |
CM-07 | Least Functionality | mitigates | T1499.004 | Application or System Exploitation | |
SI-04 | System Monitoring | mitigates | T1499.004 | Application or System Exploitation | |
AC-03 | Access Enforcement | mitigates | T1499.004 | Application or System Exploitation | |
AC-04 | Information Flow Enforcement | mitigates | T1499.004 | Application or System Exploitation | |
SC-07 | Boundary Protection | mitigates | T1499.004 | Application or System Exploitation | |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
action.hacking.variety.DoS | Denial of service | related-to | T1499.004 | Application or System Exploitation | |
action.malware.variety.DoS | DoS attack | related-to | T1499.004 | Application or System Exploitation | |
attribute.availability.variety.Degradation | Performance degradation | related-to | T1499.004 | Application or System Exploitation | |
attribute.availability.variety.Loss | Loss | related-to | T1499.004 | Application or System Exploitation | |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
aws_config | AWS Config | technique_scores | T1499.004 | Application or System Exploitation | Comments: The "elb-cross-zone-load-balancing-enabled" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. "cloudfront-origin-failover-enabled" can verify that failover policies are in place to increase CloudFront content availability. Coverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal. |