Mitigation Limited or Not Effective

This type of attack technique cannot be easily mitigated with preventative controls since it is based on the abuse of system features.

ID: M0816
Version: 1.0
Created: 11 September 2020
Last Modified: 24 October 2022

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0823 Graphical User Interface

Once an adversary has access to a remote GUI they can abuse system features, such as required HMI functions.

ICS T0877 I/O Image

This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique.

ICS T0835 Manipulate I/O Image

This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique.

ICS T0801 Monitor Process State

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

ICS T0840 Network Connection Enumeration

Network connection enumeration is likely obtained by using common system tools (e.g., netstat, ipconfig).

ICS T0852 Screen Capture

Preventing screen capture on a device may require disabling various system calls supported by the operating systems (e.g., Microsoft WindowsGraphicsCaputer APIs), however, these may be needed for other critical applications.