Network Denial of Service

Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Network DoS can be performed by exhausting the network bandwidth that services rely on, or by jamming the signal going to or coming from devices.

A Network DoS will occur when an adversary is able to jam radio signals (e.g. Wi-Fi, cellular, GPS) around a device to prevent it from communicating. For example, to jam a cellular signal, an adversary may use a handheld signal jammer, which jams devices within the jammer’s operational range.[1]

Usage of cellular jamming has been documented in several arrests reported in the news.[2][3][4][5]

ID: T1464
Sub-techniques: No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android, iOS
Version: 1.3
Created: 25 October 2017
Last Modified: 20 March 2023

Procedure Examples

ID | Name | Description
--- | --- | ---
S1062 | S.O.V.A. | S.O.V.A. has C2 commands to add an infected device to a DDoS pool.[6]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

Detection

ID | Data Source | Data Component
--- | --- | ---
DS0042 | User Interface | System Notifications

Unexpected loss of radio signal could indicate that a device is being actively jammed.

References