170 – Insecure service configuration - Antivirus
Description
It is possible to evade antivirus signatures and upload hacking tools that any antivirus would normally detect, by recompiling the tools from source and applying obfuscation to the resulting binaries. This would allow an attacker to read information from memory and to attack the Kerberos service or the organization's network, among other actions.
Impact
- Evade the organization's security controls to install malicious software.
- Exfiltrate data.
- Compromise data integrity.
- Affect server availability.
Recommendation
- Use on-disk monitoring systems to detect the use of malicious tools.
- Update detection and intelligence tools periodically.
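The following is an added example, not part of this entry, of the on-disk monitoring recommended above. It baselines the executables under a directory and then flags three things: an exact match against a known-bad hash list, a new executable that was not in the baseline, and a baselined executable whose content changed. The last two matter for the scenario described: a recompiled or obfuscated tool no longer matches any hash or signature, but it is still a new or changed executable on disk. The directory root, the hash list and the sample files are constructed assumptions.

```python
import hashlib
import os

# Magic bytes of native executables: ELF on Linux, MZ (PE) on Windows.
EXECUTABLE_MAGIC = (b"\x7fELF", b"MZ")


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_executable(path):
    """Treat a file as executable if it carries an ELF/PE header or the exec bit."""
    try:
        with open(path, "rb") as f:
            head = f.read(4)
    except OSError:
        return False
    if head.startswith(EXECUTABLE_MAGIC):
        return True
    return os.path.isfile(path) and os.access(path, os.X_OK)


def build_baseline(root):
    """Map every executable under root (relative path) to its SHA-256."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and is_executable(path):
                baseline[os.path.relpath(path, root)] = sha256_file(path)
    return baseline


def scan(root, baseline, known_bad_hashes=frozenset()):
    """Compare the current on-disk state against the trusted baseline.

    Returns a sorted list of (relative_path, reason) findings:
      known-bad-hash      -> exact match against the signature list
      new-executable      -> an executable that was not in the baseline
      modified-executable -> a baselined executable whose hash changed
    """
    findings = []
    for rel, digest in build_baseline(root).items():
        if digest in known_bad_hashes:
            findings.append((rel, "known-bad-hash"))
        elif rel not in baseline:
            findings.append((rel, "new-executable"))
        elif baseline[rel] != digest:
            findings.append((rel, "modified-executable"))
    return sorted(findings)


def demo():
    """Constructed walkthrough in a temporary directory; returns the findings."""
    import tempfile
    root = tempfile.mkdtemp()

    def write(name, data):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

    write("tool.bin", b"\x7fELF" + b"original build")   # constructed executable
    write("notes.txt", b"plain text, not an executable")
    baseline = build_baseline(root)                    # trusted state
    write("tool.bin", b"\x7fELF" + b"recompiled build") # changed on disk
    write("dropper.exe", b"MZ" + b"constructed sample") # constructed bad sample
    known_bad = {sha256_file(os.path.join(root, "dropper.exe"))}
    return scan(root, baseline, known_bad)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:20s} {path}")
```

In practice the baseline would be stored outside the monitored host and refreshed on each approved deployment, so that any executable appearing between deployments is a finding regardless of whether a signature for it exists.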
Threat
Internal attacker in the network.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: A
- Attack complexity: L
- Attack Requirements: N
- Privileges required: L
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): H
- Availability (VA): L
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: A