Identify business relationships

From pre-attack
Jump to: navigation, search


Identify business relationships
Technique
ID PRE-T1060
Tactic Organizational Information Gathering

Definition

Business relationship information may be used by an adversary to shape social engineering attempts (exploiting who a target expects to hear from) or to plan for technical actions such as exploiting network trust relationship.1

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Requires an intensive process. In some industries, business relationships may be public in order to generate business, but this is not the case for all industries and all relationships.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Exception to the rule is if the adversary tips off the target that others have been asking about the relationship with them.

Similar Techniques for Other Tactics

TacticArticle
Organizational Information GatheringIdentify business relationships
People Information GatheringIdentify business relationships