Byte Open Security (ByteOS Network)
CAPEC-555: Remote Services with Stolen Credentials

Attack Pattern ID: 555
Version: v3.9
Attack Pattern Name: Remote Services with Stolen Credentials
Abstraction: Standard
Status: Stable
Likelihood of Attack:
Typical Severity: Very High
Description

This pattern of attack involves an adversary who uses stolen credentials to log into a system through remote services such as RDP, telnet, SSH, and VNC. Once access is gained, any number of malicious activities could be performed.
Relationships

Nature      Type      ID   Name
ChildOf     Meta      560  Use of Known Domain Credentials
CanFollow   Detailed  270  Modification of Registry Run Keys
CanPrecede  Meta      151  Identity Spoofing
Mitigations

Disable RDP, telnet and SSH, and enable firewall rules to block such traffic. Limit the users and accounts that have remote interactive login access. Remove the Local Administrators group from the list of groups allowed to log in through RDP. Limit remote user permissions. Use remote desktop gateways and multifactor authentication for remote logins.
Related Weaknesses

ID       Name
CWE-262  Not Using Password Aging
CWE-263  Password Aging with Long Expiration
CWE-294  Authentication Bypass by Capture-replay
CWE-308  Use of Single-factor Authentication
CWE-309  Use of Password System for Primary Authentication
CWE-521  Weak Password Requirements
CWE-522  Insufficiently Protected Credentials
Taxonomy Mappings

Taxonomy Name  Entry ID  Entry Name
ATTACK         1021      Remote Services
ATTACK         1114.002  Email Collection: Remote Email Collection
ATTACK         1133      External Remote Services