Mitigation Limited or Not Effective
This type of attack technique cannot be easily mitigated with preventative controls since it is based on the abuse of system features.
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| ICS | T0823 | Graphical User Interface |
Once an adversary has access to a remote GUI they can abuse system features, such as required HMI functions. |
|
| ICS | T0877 | I/O Image |
This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique. |
|
| ICS | T0835 | Manipulate I/O Image |
This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique. |
|
| ICS | T0801 | Monitor Process State |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features. |
|
| ICS | T0840 | Network Connection Enumeration |
Network connection enumeration is likely obtained by using common system tools (e.g., netstat, ipconfig). |
|
| ICS | T0852 | Screen Capture |
Preventing screen capture on a device may require disabling various system calls supported by the operating systems (e.g., Microsoft WindowsGraphicsCaputer APIs), however, these may be needed for other critical applications. |
|