This type of attack technique cannot be easily mitigated with preventative controls since it is based on the abuse of system features.
Domain | ID | Name | Use | |
---|---|---|---|---|
ICS | T0823 | Graphical User Interface |
Once an adversary has access to a remote GUI they can abuse system features, such as required HMI functions. |
|
ICS | T0877 | I/O Image |
This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique. |
|
ICS | T0835 | Manipulate I/O Image |
This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique. |
|
ICS | T0801 | Monitor Process State |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features. |
|
ICS | T0840 | Network Connection Enumeration |
Network connection enumeration is likely obtained by using common system tools (e.g., netstat, ipconfig). |
|
ICS | T0852 | Screen Capture |
Preventing screen capture on a device may require disabling various system calls supported by the operating systems (e.g., Microsoft WindowsGraphicsCaputer APIs), however, these may be needed for other critical applications. |