Impact
What is "Impact"?
The Impact category refers to techniques that adversaries use to disrupt, compromise, or destroy systems and data. This disruption can be aimed at impacting business processes, destroying data, or manipulating operational outcomes.
How Does "Impact" Function?
The "Impact" category encompasses a variety of techniques that directly affect the availability, integrity, or confidentiality of a system or data. These techniques are:
- Data Destruction: Involves methods such as wiping files or entire disk contents either by deleting them or by physically damaging hardware.
- Data Encrypted for Impact: Commonly seen in ransomware attacks where data is encrypted and a ransom demand is made.
- Defacement: Altering the appearance of content on websites to damage an organization’s reputation or to spread misinformation.
- Disk Content Wipe: Similar to data destruction but focuses specifically on removing information from storage devices in a way that makes recovery difficult.
- Disk Structure Wipe: Targeting the system areas of the disk such as the master boot record (MBR) or GUID Partition Table (GPT), rendering the system unbootable.
- Endpoint Denial of Service (DoS): Techniques that make network services unavailable by overwhelming them with traffic or exploiting vulnerabilities.
- Firmware Corruption: Involves modifying firmware in a way that causes permanent damage to hardware components or makes them inoperable.
- Inhibit System Recovery: Techniques designed to hinder recovery efforts after an attack, such as disabling backup systems or corrupting snapshots.
- Network Denial of Service: Similar to endpoint DoS but targeted at network devices and infrastructure.
- Resource Hijacking: Exploiting system resources for unauthorized purposes like cryptocurrency mining.
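For the Disk Structure Wipe item above, a responder can check whether the boot structures on a raw disk image are still present. The following is an added example, not part of the original page: the function names, verdict strings and sample images are constructed for illustration, and a 512-byte logical sector size is assumed.

```python
import struct

SECTOR = 512  # assumed logical sector size

def triage_boot_sectors(image: bytes) -> dict:
    """Classify LBA 0 and LBA 1 of a raw disk image for boot-structure damage."""
    lba0, lba1 = image[:SECTOR], image[SECTOR:2 * SECTOR]
    if len(lba0) < SECTOR:
        return {"verdict": "truncated", "partitions": []}
    parts = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = lba0[446 + 16 * i:446 + 16 * (i + 1)]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # byte 4 is the partition type; 0 means unused
            parts.append({"slot": i, "type": entry[4], "start": start_lba, "sectors": count})
    has_sig = lba0[510:512] == b"\x55\xaa"   # MBR boot signature
    has_gpt = lba1[:8] == b"EFI PART"        # GPT header signature at LBA 1
    protective = any(p["type"] == 0xEE for p in parts)  # 0xEE = protective MBR
    if not any(lba0):
        verdict = "lba0-zeroed"              # whole sector overwritten
    elif not has_sig:
        verdict = "mbr-signature-missing"
    elif protective and not has_gpt:
        verdict = "gpt-header-missing"       # protective MBR survives, GPT header gone
    elif protective:
        verdict = "gpt-ok"
    elif parts:
        verdict = "mbr-ok"
    else:
        verdict = "partition-table-empty"
    return {"verdict": verdict, "partitions": parts}

def make_mbr(ptype: int, start: int, sectors: int) -> bytes:
    """Build a constructed 512-byte MBR with one partition entry (sample data)."""
    entry = bytes([0, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", start, sectors)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

# Constructed sample images, not taken from any real system.
SAMPLES = {
    "healthy_mbr": make_mbr(0x07, 2048, 204800) + bytes(SECTOR),
    "healthy_gpt": make_mbr(0xEE, 1, 0xFFFFFFFF) + b"EFI PART" + bytes(SECTOR - 8),
    "gpt_header_gone": make_mbr(0xEE, 1, 0xFFFFFFFF) + bytes(SECTOR),
    "wiped": bytes(2 * SECTOR),
}

if __name__ == "__main__":
    for name, img in SAMPLES.items():
        print(f"{name:16} -> {triage_boot_sectors(img)['verdict']}")
```

Any verdict other than `mbr-ok` or `gpt-ok` on a disk that previously booted is a triage signal worth preserving the image for. GPT also keeps a backup header at the last LBA of the disk, so a `gpt-header-missing` result does not by itself mean the partition layout is unrecoverable.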
Where is the "Impact" Category Applied?
The "Impact" category applies across various sectors, including healthcare, finance, government, and more. Essentially any domain reliant on IT infrastructure for critical operations can be affected by these techniques.
- In healthcare, disrupting hospital systems can delay treatments and risk lives.
- In finance, attacks could lead to financial losses and undermine trust in banking systems.
- Government operations could be stalled causing loss of public trust and disruption of public services.
Why Is "Impact" Important?
Understanding the "Impact" category is crucial for several reasons:
- Preventative Measures: By understanding how these attacks are carried out, organizations can implement specific security measures to protect against them.
- Incident Response Planning: Knowing potential impact techniques helps in developing effective incident response strategies that ensure quick recovery and minimal damage.
- Business Continuity Disruption: Impact techniques can halt operations leading to financial losses and erosion of customer trust.
- Data Integrity Compromise: Data manipulation attacks can lead to incorrect business decisions based on tampered information.
- Safety Risks: In sectors like healthcare or industrial services, impact attacks could pose risks to human life.
Understanding "Impact" allows organizations to better prepare for potential threats that could have severe consequences on their operational capabilities and reputation. It also aids in developing robust incident response strategies that minimize downtime and mitigate damage should an attack occur.
In conclusion, mastering each aspect of MITRE's Impact category allows organizations not only to defend against potential disruptive threats but also to anticipate them, thereby maintaining operational integrity and trustworthiness in their respective fields.