MITRE ATT&CK: Endpoint denial of service

Introduction

Denial-of-Service (DoS) attacks have been around since the 1970s, and they can be downright paralyzing to an organization. Not only do they shut down the ability to use a targeted resource, but they can also cost an organization significantly in terms of person-hours spent recovering from the attack. Endpoints are often an attractive target for attackers, and this trend is on the rise.

This article will explore the Endpoint Denial of Service technique listed under the Impact tactic of the MITRE ATT&CK matrix: what an endpoint denial-of-service attack is, the methods that comprise this attack and the major types of endpoint denial-of-service attacks.

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary tactics and techniques based upon real-world observations. This information serves as a foundation for developing threat models and methodologies for the cybersecurity product and service community, the private sector and government. More information on the MITRE ATT&CK matrix can be found here.

What is an endpoint denial-of-service attack?

Endpoint DoS is an attack type focused on blocking service availability to users without saturating the network that provides access to the service. The attack is performed either by exhausting the host's system resources so the service can no longer respond, or by causing the host system to crash. Endpoint services targeted typically include websites, DNS, email services and web-based applications.
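Because an endpoint DoS exhausts the host rather than the network, the telltale sign on a web endpoint is a burst of requests from one source followed by the service returning errors. The following detection script is an added example and is not part of the original article; it parses constructed Common Log Format access-log lines, counts requests per source within a sliding time window, and flags any source whose peak exceeds a threshold, also reporting how many 5xx responses that source received. The log lines, IP addresses and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

def parse_line(line):
    """Return (source_ip, timestamp, status) for one log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(4))

def find_single_source_floods(lines, window_seconds=10, threshold=50):
    """Flag source IPs whose request count within any sliding window exceeds
    threshold. Returns {ip: (peak_requests_in_window, count_of_5xx_responses)}."""
    windows = defaultdict(deque)   # per-IP timestamps inside the current window
    peaks = defaultdict(int)
    errors = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue               # skip malformed lines rather than abort
        ip, ts, status = parsed
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()            # drop timestamps that fell out of the window
        peaks[ip] = max(peaks[ip], len(q))
        if status >= 500:
            errors[ip] += 1        # server-side errors: the host is struggling
    return {ip: (peak, errors[ip]) for ip, peak in peaks.items() if peak > threshold}

def make_sample_log():
    """Constructed sample log: one host hammering /login, plus normal browsing."""
    lines = []
    for i in range(120):
        sec = i // 20                      # 20 requests per second from one source
        status = 200 if i < 60 else 503    # service starts failing under load
        lines.append(f'203.0.113.7 - - [10/Oct/2023:13:55:{sec:02d} +0000] '
                     f'"POST /login HTTP/1.1" {status} 512')
    for sec in (0, 3, 5):
        lines.append(f'198.51.100.4 - - [10/Oct/2023:13:55:{sec:02d} +0000] '
                     f'"GET /index.html HTTP/1.1" 200 1024')
    return lines

if __name__ == "__main__":
    for ip, (peak, errs) in find_single_source_floods(make_sample_log()).items():
        print(f"{ip}: peak {peak} requests in window, {errs} 5xx responses")
```

Running it flags only 203.0.113.7 (120 requests in the window, 60 of them answered with 503), while the three normal requests from 198.51.100.4 stay below the threshold.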

It should be noted that a DoS attack originates from a single system. An attack from multiple systems is a distributed (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/d8g7lcUBXPk/