ID | Name |
---|---|
T1496.001 | Compute Hijacking |
T1496.002 | Bandwidth Hijacking |
T1496.003 | SMS Pumping |
T1496.004 | Cloud Service Hijacking |
Adversaries may leverage the network bandwidth resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Adversaries may also use malware that leverages a system's network bandwidth as part of a botnet in order to facilitate Network Denial of Service campaigns and/or to seed malicious torrents.[1] Alternatively, they may engage in proxyjacking by selling use of the victims' network bandwidth and IP address to proxyware services.[2] Finally, they may engage in internet-wide scanning in order to identify additional targets for compromise.[3]
In addition to incurring potential financial costs or availability disruptions, this technique may cause reputational damage if a victim’s bandwidth is used for illegal activities.[2]
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
ID | Data Source | Data Component | Detects |
---|---|---|---|
DS0017 | Command | Command Execution | Monitor executed commands and arguments that may indicate common proxyware functionality. |
DS0022 | File | File Creation | Monitor for common proxyware files on local systems that may indicate compromise and resource usage. |
DS0029 | Network Traffic | Network Connection Creation | Monitor for newly constructed network connections that are sent or received by untrusted hosts. Look for connections to/from strange ports. |
DS0029 | Network Traffic | Network Traffic Content | Monitor network traffic content for strange or unusual patterns. |
DS0029 | Network Traffic | Network Traffic Flow | Monitor network data for uncommon data flows. Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. |
DS0009 | Process | Process Creation | Monitor for common proxyware software process names that may indicate compromise and resource usage. |
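As an added example that is not part of the ATT&CK page, the script below applies the Network Traffic Flow and Network Connection Creation guidance to constructed per-process flow records: it flags processes missing from a host baseline, connections to uncommon ports, and egress that is upload-heavy or above a volume threshold, the traffic shape bandwidth hijacking (proxyware, torrent seeding, scanning) tends to produce. The process names, ports, thresholds and log format are assumptions for illustration.

```python
"""Flag bandwidth-hijacking indicators in per-process network flow records."""
from collections import defaultdict

# Constructed sample flow records: process,remote_port,bytes_out,bytes_in.
# Names and numbers are hypothetical, not real telemetry.
FLOW_LOG = """\
chrome,443,120000,3400000
chrome,443,95000,2100000
svcupdate,443,180000000,2000000
svcupdate,7070,96000000,1500000
svcupdate,7070,88000000,1400000
sshd,22,40000,30000
"""

# Processes this host is expected to see on the network (assumed baseline).
BASELINE_PROCS = {"chrome", "sshd"}
# Destination ports considered normal egress for this host (assumed).
COMMON_PORTS = {22, 53, 80, 123, 443}
# Egress above this many bytes in the window is treated as hijacking scale.
EGRESS_THRESHOLD = 100_000_000
# Outbound/inbound byte ratio above this marks an upload-dominated process.
UPLOAD_RATIO = 10.0


def parse_flows(text):
    """Parse 'proc,port,bytes_out,bytes_in' lines into typed tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proc, port, out, inb = line.split(",")
        rows.append((proc, int(port), int(out), int(inb)))
    return rows


def analyze(text, baseline=BASELINE_PROCS, common_ports=COMMON_PORTS,
            threshold=EGRESS_THRESHOLD, ratio=UPLOAD_RATIO):
    """Return {process: sorted list of findings} for suspicious processes only."""
    findings = defaultdict(set)
    egress, ingress = defaultdict(int), defaultdict(int)
    for proc, port, out, inb in parse_flows(text):
        egress[proc] += out
        ingress[proc] += inb
        if proc not in baseline:            # never-seen-before network process
            findings[proc].add("unknown network process")
        if port not in common_ports:        # connection to a strange port
            findings[proc].add(f"uncommon port {port}")
    for proc, total in egress.items():
        if total > threshold:               # volume consistent with hijacking
            findings[proc].add("high egress volume")
        if total > ratio * max(ingress[proc], 1):   # upload-dominated flow
            findings[proc].add("upload-heavy")
    return {p: sorted(f) for p, f in findings.items()}
```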