| Name | Malware-Directed Internal Reconnaissance |
| Likelihood of attack | Medium |
| Typical severity | Medium |
| Summary | An adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system, or network. |
| Prerequisites | The adversary must have internal, logical access to the target network and system. |
| Solutions | Keep patches up to date by installing them weekly, or daily if possible. Identify programs that may be used to acquire peripheral information and block them with a software restriction policy or with tools that restrict program execution through a process allowlist. |
| Related CAPECs |
| CAPEC ID | Description |
| CAPEC-169 | An adversary engages in probing and exploration activities to identify constituents and properties of the target. |