Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. <code>reload</code>).(Citation: Microsoft Shutdown Oct 2017)(Citation: alert_TA18_106A) They may also include shutdown/reboot of a virtual machine via hypervisor / cloud consoles or command line tools.
Shutting down or rebooting systems may disrupt access to computer resources for legitimate users while also impeding incident response/recovery.
Adversaries may attempt to shutdown/reboot a system after impacting it in other ways, such as Disk Structure Wipe or Inhibit System Recovery, to hasten the intended effects on system availability.(Citation: Talos Nyetya June 2017)(Citation: Talos Olympic Destroyer 2018)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| DCS-18 | Datacenter Operations Resilience | mitigates | T1529 | System Shutdown/Reboot |
Comments
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. This control establishes and regularly evaluates processes, procedures, and technical measures to ensure continuous operations of the datacenter, mitigating attacker techniques such as denial‑of‑service and other availability‑impacting attacks that seek to disrupt business and operational continuity.
References
|
| DCS-15 | Secure Utilities | mitigates | T1529 | System Shutdown/Reboot |
Comments
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience.
References
|