Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Network DoS can be performed by exhausting the network bandwidth that services rely on, or by jamming the signal going to or coming from devices.
A Network DoS will occur when an adversary is able to jam radio signals (e.g. Wi-Fi, cellular, GPS) around a device to prevent it from communicating. For example, to jam cellular signal, an adversary may use a handheld signal jammer, which jam devices within the jammer’s operational range.[1]
Usage of cellular jamming has been documented in several arrests reported in the news.[2][3][4][5]
| ID | Name | Description |
|---|---|---|
| S1062 | S.O.V.A. |
S.O.V.A. has C2 commands to add an infected device to a DDoS pool.[6] |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
| ID | Data Source | Data Component |
|---|---|---|
| DS0042 | User Interface | System Notifications |
Unexpected loss of radio signal could indicate that a device is being actively jammed.