T1499.004 Application or System Exploitation Mappings

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. (Citation: Sucuri BIND9 August 2015) Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent DoS condition.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
AC-3 Access Enforcement Protects T1499.004 Application or System Exploitation
AC-4 Information Flow Enforcement Protects T1499.004 Application or System Exploitation
CA-7 Continuous Monitoring Protects T1499.004 Application or System Exploitation
CM-6 Configuration Settings Protects T1499.004 Application or System Exploitation
CM-7 Least Functionality Protects T1499.004 Application or System Exploitation
SC-7 Boundary Protection Protects T1499.004 Application or System Exploitation
SI-10 Information Input Validation Protects T1499.004 Application or System Exploitation
SI-15 Information Output Filtering Protects T1499.004 Application or System Exploitation
SI-4 System Monitoring Protects T1499.004 Application or System Exploitation
azure_private_link Azure Private Link technique_scores T1499.004 Application or System Exploitation
azure_automation_update_management Azure Automation Update Management technique_scores T1499.004 Application or System Exploitation
Comments
This control provides significant protection against Denial of Service (DOS) attacks that leverage system/application vulnerabilities as opposed to volumetric attacks since it enables automated updates of software and rapid configuration change management.
References