CCC.Monitor.TH06: Cost Exhaustion Through Tampered Alerts or Metrics Collection
Threat ID:CCC.Monitor.TH06
Title:Cost Exhaustion Through Tampered Alerts or Metrics Collection
Description:
Monitoring systems are expected to generate traffic, but it a malicious actor were to change alerts that were being fired at an API which charged per requests or generate large volumes of metric data which would then need to be stored and processed, or even triggering resource scaling, this would cause an increase in cloud bill.
External Mappings
Reference ID | Entry ID | Strength | Remarks |
---|---|---|---|
MITRE-ATT&CK | T1565 | 0 | Data Manipulation |
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.Monitor.C02 | Rate Limiting on Metric Generation | Prevent Malicious Actor or misconfiguration from flooding services with metric data. | Logging & Monitoring | 1 | 4 | 1 |