{ "type": "bundle", "id": "bundle--0f449267-8ddf-4d23-b45f-46ea033e1e4c", "spec_version": "2.0", "objects": [ { "modified": "2023-03-30T20:16:01.922Z", "name": "Denial of Service", "description": "Adversaries may perform Denial-of-Service (DoS) attacks to disrupt expected device functionality. Examples of DoS attacks include overwhelming the target device with a high volume of requests in a short time period and sending the target device a request it does not know how to handle. Disrupting device state may temporarily render it unresponsive, possibly lasting until a reboot can occur. When placed in this state, devices may be unable to send and receive requests, and may not perform expected response functions in reaction to other events in the environment. \n\nSome ICS devices are particularly sensitive to DoS events, and may become unresponsive in reaction to even a simple ping sweep. Adversaries may also attempt to execute a Permanent Denial-of-Service (PDoS) against certain devices, such as in the case of the BrickerBot malware. (Citation: ICS-CERT April 2017) \n\nAdversaries may exploit a software vulnerability to cause a denial of service by taking advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Vulnerabilities may exist in software that can be used to cause a denial of service condition. \n\nAdversaries may have prior knowledge about industrial protocols or control devices used in the environment through [Remote System Information Discovery](https://attack.mitre.org/techniques/T0888). There are examples of adversaries remotely causing a [Device Restart/Shutdown](https://attack.mitre.org/techniques/T0816) by exploiting a vulnerability that induces uncontrolled resource consumption. (Citation: ICS-CERT August 2018) (Citation: Common Weakness Enumeration January 2019) (Citation: MITRE March 2018) ", "kill_chain_phases": [ { "kill_chain_name": "mitre-ics-attack", "phase_name": "inhibit-response-function" } ], "x_mitre_deprecated": false, "x_mitre_detection": "", "x_mitre_domains": [ "ics-attack" ], "x_mitre_is_subtechnique": false, "x_mitre_platforms": [ "Field Controller/RTU/PLC/IED", "Safety Instrumented System/Protection Relay" ], "x_mitre_version": "1.1", "x_mitre_data_sources": [ "Application Log: Application Log Content", "Operational Databases: Process History/Live Data", "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow" ], "type": "attack-pattern", "id": "attack-pattern--1b22b676-9347-4c55-9a35-ef0dc653db5b", "created": "2020-05-21T17:43:26.506Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T0814", "external_id": "T0814" }, { "source_name": "Common Weakness Enumeration January 2019", "description": "Common Weakness Enumeration 2019, January 03 CWE-400: Uncontrolled Resource Consumption Retrieved. 2019/03/14 ", "url": "http://cwe.mitre.org/data/definitions/400.html" }, { "source_name": "ICS-CERT April 2017", "description": "ICS-CERT 2017, April 18 CS Alert (ICS-ALERT-17-102-01A) BrickerBot Permanent Denial-of-Service Attack Retrieved. 2019/10/24 ", "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-17-102-01A" }, { "source_name": "ICS-CERT August 2018", "description": "ICS-CERT 2018, August 27 Advisory (ICSA-15-202-01) - Siemens SIPROTEC Denial-of-Service Vulnerability Retrieved. 2019/03/14 ", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01" }, { "source_name": "MITRE March 2018", "description": "MITRE 2018, March 22 CVE-2015-5374 Retrieved. 2019/03/14 ", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5374" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }