JUST RELEASED: ATT&CK for Industrial Control Systems
TECHNIQUES
PRE-ATT&CK
Priority Definition Planning
Priority Definition Direction
Target Selection
Technical Information Gathering
People Information Gathering
Organizational Information Gathering
Technical Weakness Identification
People Weakness Identification
Organizational Weakness Identification
Adversary OPSEC
Establish & Maintain Infrastructure
Persona Development
Build Capabilities
Test Capabilities
Stage Capabilities
Enterprise
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Mobile
Initial Access
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Impact
Collection
Exfiltration
Command and Control
Network Effects
Remote Service Effects
  1. Home
  2. Techniques
  3. PRE-ATT&CK
  4. Assess vulnerability of 3rd party vendors

Assess vulnerability of 3rd party vendors

Once a 3rd party vendor has been identified as being of interest it can be probed for vulnerabilities just like the main target would be. [1] [2]

ID: T1298
Tactic: Organizational Weakness Identification
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: 3rd parties would most likely not report network scans to their partners. Target network would not know that their 3rd party partners were being used as a vector.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: The difficult part is enumerating all 3rd parties. Finding major partners would not be difficult. Significantly easier with insider knowledge. Vulnerability scanning the 3rd party networks is trivial.

References

  1. Kim Zetter. (2015, January 4). The Biggest Security Threats We’ll Face in 2015. Retrieved March 5, 2017.
  1. Paul Ziobro. (2014, February 6). Target Breach Began With Contractor's Electronic Billing Link. Retrieved March 6, 2017.