Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Resource hijacking may take a number of different forms. For example, adversaries may:
In some cases, adversaries may leverage multiple types of Resource Hijacking at once. (Citation: Sysdig Cryptojacking Proxyjacking 2023)

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| IAM-16 | Authorization Mechanisms | mitigates | T1496 | Resource Hijacking | This control requires both the CSP and the CSC to independently enforce formal approval processes for user access and to implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| DCS-18 | Datacenter Operations Resilience | mitigates | T1496 | Resource Hijacking | Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. This control establishes and regularly evaluates processes, procedures, and technical measures to ensure continuous operations of the datacenter, mitigating attacker techniques such as denial-of-service and other availability-impacting attacks that seek to disrupt business and operational continuity. |
| DCS-15 | Secure Utilities | mitigates | T1496 | Resource Hijacking | Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| AIS-06 | Automated Secure Application Deployment | mitigates | T1496 | Resource Hijacking | This control applies to the secure deployment of applications and emphasizes the prevention of misconfigurations and malicious deployment activities. Adversaries may abuse compute resources within a victim's cloud environment by modifying any tenant-wide policies that limit the sizes of deployed virtual machines. Deployment templates and automated rollback can enforce resource quotas, network segmentation, and least-privilege IAM roles, reducing the ability of a compromised deployment to be repurposed for crypto-mining or other illicit compute use. |

| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1496.002 | Bandwidth Hijacking | 3 |
| T1496.004 | Cloud Service Hijacking | 3 |
| T1496.001 | Compute Hijacking | 2 |