CAPEC-529: Malware-Directed Internal Reconnaissance
Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.
Overview
CAPEC-529 (Malware-Directed Internal Reconnaissance) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have internal, logical access to the target network and system.
Skills required
- Medium skill: The adversary must be able to obtain or develop malicious software and place it inside the target network/system.
Resources required
- The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected.
Consequences
What a successful CAPEC-529 attack can achieve.
Read Data
Affects: Confidentiality
How to mitigate it
Defenses that reduce the risk of CAPEC-529.
- Keep patches up to date by installing weekly or daily if possible.
- Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.