Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. (Citation: Sucuri BIND9 August 2015) Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent DoS condition.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| AC-3 | Access Enforcement | Protects | T1499.004 | Application or System Exploitation | |
| AC-4 | Information Flow Enforcement | Protects | T1499.004 | Application or System Exploitation | |
| CA-7 | Continuous Monitoring | Protects | T1499.004 | Application or System Exploitation | |
| CM-6 | Configuration Settings | Protects | T1499.004 | Application or System Exploitation | |
| CM-7 | Least Functionality | Protects | T1499.004 | Application or System Exploitation | |
| SC-7 | Boundary Protection | Protects | T1499.004 | Application or System Exploitation | |
| SI-10 | Information Input Validation | Protects | T1499.004 | Application or System Exploitation | |
| SI-15 | Information Output Filtering | Protects | T1499.004 | Application or System Exploitation | |
| SI-4 | System Monitoring | Protects | T1499.004 | Application or System Exploitation |
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.hacking.variety.DoS | Denial of service | related-to | T1499.004 | Endpoint Denial of Service: Application or System Exploitation | |
| action.malware.variety.DoS | DoS attack | related-to | T1499.004 | Endpoint Denial of Service: Application or System Exploitation |
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| aws_config | AWS Config | technique_scores | T1499.004 | Application or System Exploitation |
Comments
The "elb-cross-zone-load-balancing-enabled" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. "cloudfront-origin-failover-enabled" can verify that failover policies are in place to increase CloudFront content availability.
Coverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.
References
|