The User object is representing a legitimate user in the environment.
User objects can be connected to Identity objects to define which identities a user has access to and is permitted to use. This is the way users interact with assets in the model.
Attack step name
Attack step purpose
Prerequisite to DeliverMaliciousRemovableMedia.
Attempting to convince the user to do UnsafeUserActivity.
Stealing passwords and similar credentials.
The attacker operation of delivering for instance a USB drive to a location accessible to the target user.
If a user has multiple identities and the user-defense NoPasswordReuse is not enabled, chances are that the same credentials will unlock multiple identities.
Convincing the user to do UnsafeUserActivity.
Making the user execute malware or do similar operations on behalf of the attacker.
The user is expected to use unique passwords to all identities.
Lowers the probability of succeeding with UnsafeUserActivity (i.e. succeeding with the prerequisite attempt-operations related to UnsafeUserActivity).
Updated 8 months ago