CAPEC-578: Disable Security Software
An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.
Overview
CAPEC-578 (Disable Security Software) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have the capability to interact with the configuration of the targeted system.
Resources required
- None: No specialized resources are required to execute this type of attack.
Consequences
What a successful CAPEC-578 attack can achieve.
- Hide Activities (affects: Availability): By disabling certain security tools, the adversary can hide malicious activity and avoid detection.
How to mitigate it
Defenses that reduce the risk of CAPEC-578.
- Ensure proper permissions are in place to prevent adversaries from altering the execution status of security tools.
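As an added example (not part of the CAPEC entry), the Python below shows the defender's side of the methods listed above: it labels constructed Windows event records in which a protected security service is stopped or set to disabled, a protected process is terminated, its Run-key autorun is deleted, or the audit log is cleared, and raises an alert only when several distinct steps appear together. The protected-tool names, the normalised record layout, and the event IDs used are assumptions.

```python
from typing import List, Optional

# Hypothetical inventory of the security tooling to watch (assumption, not from the CAPEC entry).
PROTECTED_SERVICES = {"WinDefend", "Sense", "SysmonDrv"}
PROTECTED_IMAGES = {"msmpeng.exe", "sysmon64.exe"}
PROTECTED_AUTORUNS = {"securityhealth", "edragent"}  # value names under a ...\CurrentVersion\Run key

def classify(ev: dict) -> Optional[str]:
    """Label one normalised log record as a CAPEC-578 tampering step, or None if benign."""
    eid, prov = ev["id"], ev["provider"]
    if prov == "Service Control Manager" and ev.get("service") in PROTECTED_SERVICES:
        if eid == 7036 and ev.get("state") == "stopped":       # tool process stopped right now
            return "security_service_stopped"
        if eid == 7040 and ev.get("new_start") == "disabled":  # tool will not start at next boot
            return "security_service_disabled_at_boot"
    if prov == "Microsoft-Windows-Sysmon":
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if eid == 5 and image in PROTECTED_IMAGES:              # Sysmon 5: process terminated
            return "security_process_killed"
        if eid == 12 and ev.get("event_type") in {"DeleteKey", "DeleteValue"}:  # Sysmon 12: registry object deleted
            target = ev.get("target", "")
            if "\\currentversion\\run\\" in target.lower() and target.rsplit("\\", 1)[-1].lower() in PROTECTED_AUTORUNS:
                return "security_autorun_removed"
    if prov == "Microsoft-Windows-Eventlog" and eid == 1102:    # audit log cleared: evidence removed
        return "audit_log_cleared"
    return None

def scan(events: List[dict]) -> List[str]:
    """Return the tampering labels found in a batch of records, in order."""
    return [label for label in map(classify, events) if label]

def tampering_suspected(events: List[dict], min_steps: int = 2) -> bool:
    """Alert only when two or more distinct tampering steps occur in one batch."""
    return len(set(scan(events))) >= min_steps

# Constructed sample records; only the first and the last are benign.
SAMPLE_EVENTS = [
    {"id": 7036, "provider": "Service Control Manager", "service": "Spooler", "state": "stopped"},
    {"id": 7036, "provider": "Service Control Manager", "service": "WinDefend", "state": "stopped"},
    {"id": 7040, "provider": "Service Control Manager", "service": "Sense", "new_start": "disabled"},
    {"id": 5, "provider": "Microsoft-Windows-Sysmon", "image": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
    {"id": 12, "provider": "Microsoft-Windows-Sysmon", "event_type": "DeleteValue",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth"},
    {"id": 1102, "provider": "Microsoft-Windows-Eventlog"},
    {"id": 1, "provider": "Microsoft-Windows-Sysmon", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for label in scan(SAMPLE_EVENTS):
        print(label)
    print("tampering suspected:", tampering_suspected(SAMPLE_EVENTS))
```

In a real deployment the record fields would come from the log pipeline's normalisation of the System, Security and Sysmon channels, and the inventory would be generated from the tools actually installed.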