Exploit Public-Facing Application

From attackics
Jump to navigation Jump to search
Exploit Public-Facing Application
Technique
ID T819
Tactic Initial Access
Data Sources Web logs, Web application firewall logs, Application logs, Packet capture

Description

Adversaries may attempt to exploit public-facing applications to leverage weaknesses on Internet-facing computer systems, programs, or assets in order to cause unintended or unexpected behavior. These public-facing applications may include user interfaces, software, data, or commands. In particular, a public-facing application in the IT environment may provide adversaries an interface into the OT environment.

ICS-CERT analysis has identified the probable initial infection vector for systems running GE’s Cimplicity HMI with a direct connection to the Internet.1