TTPwire Vol. 1 · MITRE ATT&CK·Tagged


NCSC UK Reports

Organisational use of Enterprise Connected Devices

2022-05-10

ATT&CK techniques detected

14 predictions
T1584.005 Botnet
91%
"potentially be compromised by anybody on the internet. * shodan is a search engine that lets users search for internet - connected devices bots while threat actors still make ready use of compromised traditional computers, their bot armies are now increasingly composed of iot. th…"
T1584.005 Botnet
90%
"recorders. each infected device in the botnet would be reprogrammed to carry out password attacks on other devices in order to keep the botnet alive and growing. with a large enough botnet, attackers can launch powerful ddos attacks. both state and non - state actors are likely t…"
T1584.005 Botnet
83%
"motivated, and their capabilities vary. they often attempt to disrupt services via ddos attacks or encrypt data through ransomware and demand payment. cyber criminals will likely attempt to gain access to insecure ecds by openly scanning for vulnerabilities that can be exploited.…"
T1195 Supply Chain Compromise
70%
"exacerbate supply chain vulnerabilities. supply chain attacks typically occur before devices are deployed onto organisations ' networks. however, as seen in the solarwinds supply chain attack, compromised software updates to devices deployed onto a network can also be a vector. s…"
T1195 Supply Chain Compromise
66%
"range of sectors, including defence, education, engineering, government, it, medicine, and military. the goals for cyber espionage campaigns may differ but are often focused on theft of information without the target becoming aware. it is a realistic possibility that nation state…"
T1584.008 Network Devices
59%
"home office routers and network - access storage ( nas ) devices, which are hardware devices made up of several hard drives used to store data in a single location that can be accessed by multiple users. vpnfilter operates in multiple stages that include initial infection, comman…"
T1486 Data Encrypted for Impact
57%
"range of sectors, including defence, education, engineering, government, it, medicine, and military. the goals for cyber espionage campaigns may differ but are often focused on theft of information without the target becoming aware. it is a realistic possibility that nation state…"
T1584.008 Network Devices
51%
"and can quickly create major issues if compromised by a cyber actor. office equipment, such as printers, are also potential access points - a compromised printer could easily mean that the attacker can view everything that is printed or scanned in an office. monetary gain ecd att…"
T1190 Exploit Public-Facing Application
48%
"corporate networks. ultimately, unpatched devices can then lead to data breaches or exposed information, manipulation of other assets, access to servers and systems, deployment of malware, or even physical disruption of operations. case study : enterprise printer vulnerabilities …"
T1190 Exploit Public-Facing Application
47%
"an organisation ’ s utility installations from a distance rather than going into the field themselves. this has presented opportunities for organisations to work innovatively but has also created new opportunities for threat actors. the increase in the number of connected service…"
T1195 Supply Chain Compromise
40%
"and related software for ecds can lead to compromised systems. network services can, for example, be exploited to steal user credentials or push malicious firmware updates. case study : ripple20 in june 2020, researchers announced 19 zero - day vulnerabilities impacting millions …"
T1498.001 Direct Network Flood
37%
"##ly but has also created new opportunities for threat actors. organisations increasingly rely on ecds. many of these devices are built with poor security which could result in these devices being used as part of ddos attacks, such as against large organisations and critical nati…"
T1190 Exploit Public-Facing Application
36%
"and related software for ecds can lead to compromised systems. network services can, for example, be exploited to steal user credentials or push malicious firmware updates. case study : ripple20 in june 2020, researchers announced 19 zero - day vulnerabilities impacting millions …"
T1583.005 Botnet
33%
"potentially be compromised by anybody on the internet. * shodan is a search engine that lets users search for internet - connected devices bots while threat actors still make ready use of compromised traditional computers, their bot armies are now increasingly composed of iot. th…"

Summary

Assessing the cyber security threat to UK organisations using Enterprise Connected Devices.