CCC.Monitor.TH02: Health Checks Used to Identify Attack Targets
Threat ID:CCC.Monitor.TH02
Title:Health Checks Used to Identify Attack Targets
Description:
Health Checks are used to inform those responsible for maintaining a system that there is a problem, but if that information gets into the hands of a malicious actor, it can be used to target already problematic systems and mask malicious activity.
External Mappings
Reference ID | Entry ID | Strength | Remarks |
---|---|---|---|
MITRE-ATT&CK | T1590 | 0 | Gather Victim Network Information |
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.Monitor.C04 | Restrict access to Monitoring Dashboards | Control access to Monitoring Dashboards and reports to ensure they don't highlight an attack path. | Identity and Access Management | 1 | 4 | 1 |