An adversary may deface systems external to an organization in an attempt to deliver messaging, intimidate, or otherwise mislead an organization or users. Externally-facing websites are a common victim of defacement, often targeted by adversary and hacktivist groups in order to push a political message or spread propaganda.(Citation: FireEye Cyber Threats to Media Industries)(Citation: Kevin Mandia Statement to US Senate Committee on Intelligence)(Citation: Anonymous Hackers Deface Russian Govt Site) External Defacement may be used as a catalyst to trigger events, or as a response to actions taken by an organization or government. Similarly, website defacement may also be used as setup, or as a precursor, for future attacks such as Drive-by Compromise.(Citation: Trend Micro Deep Dive Into Defacement)

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-3 | Access Enforcement | Protects | T1491.002 | External Defacement |
AC-6 | Least Privilege | Protects | T1491.002 | External Defacement |
CM-2 | Baseline Configuration | Protects | T1491.002 | External Defacement |
CP-10 | System Recovery and Reconstitution | Protects | T1491.002 | External Defacement |
CP-2 | Contingency Plan | Protects | T1491.002 | External Defacement |
CP-7 | Alternate Processing Site | Protects | T1491.002 | External Defacement |
CP-9 | System Backup | Protects | T1491.002 | External Defacement |
SI-3 | Malicious Code Protection | Protects | T1491.002 | External Defacement |
SI-4 | System Monitoring | Protects | T1491.002 | External Defacement |
SI-7 | Software, Firmware, and Information Integrity | Protects | T1491.002 | External Defacement |
azure_backup | Azure Backup | technique_scores | T1491.002 | External Defacement |