Resource Hijacking: Bandwidth Hijacking (T1496.002)

Tactic: Impact · Platforms: Linux, Windows, macOS, IaaS, Containers

The interactive view maps 1 detection strategy to this technique, alongside D3FEND countermeasures and data-component coverage.

Sub-technique of Resource Hijacking (T1496).

Overview

Adversaries may leverage the network bandwidth resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.

Adversaries may also use malware that leverages a system's network bandwidth as part of a botnet in order to facilitate Network Denial of Service campaigns and/or to seed malicious torrents. Alternatively, they may engage in proxyjacking by selling use of the victims' network bandwidth and IP address to proxyware services. Finally, they may engage in internet-wide scanning in order to identify additional targets for compromise.

In addition to incurring potential financial costs or availability disruptions, this technique may cause reputational damage if a victim’s bandwidth is used for illegal activities.

Explore