Manipulation of View

From attackics
Jump to navigation Jump to search
Manipulation of View
ID T832
Tactic Impact
Asset Engineering Workstation, Human-Machine Interface, Field Controller/RTU/PLC/IED


Adversaries may attempt to manipulate the information reported back to operators or controllers. This manipulation may be short term or sustained. During this time the process itself could be in a much different state than what is reported.123

Operators may be fooled into doing something that is harmful to the system in a loss of view situation. With a manipulated view into the systems, operators may issue inappropriate control sequences that introduce faults or catastrophic failures into the system. Business analysis systems can also be provided with inaccurate data leading to bad management decisions.

Procedure Examples

  • Industroyer's OPC module can brute force values and will send out a 0x01 status which for the target systems equates to a “Primary Variable Out of Limits” misdirecting operators from understanding protective relay status.4
  • Stuxnet manipulates the view of operators replaying process input and manipulating the I/O image to evade detection and inhibit protection functions.56