Some organizations do not configure their operating systems and account management to properly protect the use of task scheduling functionality. As a result, adversaries can abuse this capability to execute malicious code on a victim’s system. Get hands-on practice detecting this technique so you can protect your organization.
All major operating systems provide utilities that enable the scheduling of programs to run at certain times. When adversaries can access this task-scheduling capability, they can use it to execute programs on a scheduled basis in order to maintain persistence or conduct their ultimate attack objectives. Adversaries can also use this capability to run programs under a specified account with elevated privileges in order to gain privilege escalation. As such, the Scheduled Task technique is useful to adversaries in many scenarios.
You can see how important it is to learn how to detect and mitigate this activity.
Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the financially motivated threat group FIN10. Prevent adversaries from accomplishing the tactics of Execution, Persistence, and Privilege Escalation in your environment today.
Complete this entire course to earn a Scheduled Task Certificate of Completion