This repository has been archived by the owner on Apr 3, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 64
/
ReCAPTCHAEnterprise.yaml
63 lines (59 loc) · 2.89 KB
/
ReCAPTCHAEnterprise.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
version: 1
ATT&CK version: 10
creation date: 04/17/2022
name: ReCAPTCHA Enterprise
contact: ctid@mitre-engenuity.org
organization: Center for Threat Informed Defense (CTID)
platform: GCP
tags:
- Multi-Factor Authentication
- Identity
description: >-
With reCAPTCHA Enterprise, you can protect your site from spam and abuse, and detect other types
of fraudulent activities on the sites, such as credential stuffing, account takeover (ATO), and
automated account creation. reCAPTCHA Enterprise offers enhanced detection with more granular
scores, reason codes for risky events, mobile app SDKs, password breach/leak detection,
Multi-factor authentication (MFA), and the ability to tune your site-specific model to protect
enterprise businesses.
techniques:
- id: T1078.004
name: Cloud Accounts
technique-scores:
- category: Protect
value: Partial
comments: >
ReCAPTCHA Enterprise allows users to configure Multifactor Authentication (MFA) to verify
user's identity by sending a verification code by email or SMS (known as an MFA
challenge). When ReCAPTCHA Enterprise assesses that user activity to exceeds a
predetermined threshold (by the developer), it can trigger an MFA challenge to verify the
user. This increases the likelihood that a compromised account will be prevented from
impacting the system.
Since ReCAPTCHA Enterprise does not require a MFA challenge for all user activity, it has
been given a rating of Partial.
- id: T1110.004
name: Credential Stuffing
technique-scores:
- category: Detect
value: Significant
comments: >
Password Checkup extension for Chrome displays a warning whenever a user signs in to a
site using one of over 4 billion usernames and passwords that Google knows to be unsafe
due to a third-party data breach. With reCAPTCHA Enterprise, you can identify credential
stuffing attacks by utilizing Password Checkup to detect password leaks and breached
credentials. Developers can factor this information into their score calculation for
score-based site keys to help identify suspicious activity and take appropriate action.
- id: T1136.003
name: Cloud Account
technique-scores:
- category: Protect
value: Partial
comments: >
ReCAPTCHA Enterprise can implement a number of mitigations to prevent the automated
creation of multiple accounts such as adding checkbox challenges on pages where end users
need to enter their credentials and assessing user activity for potential misuses on all
pages where accounts are created.
Since this control doesn't prevent the manual creation of accounts, it has been given a
rating of Partial.
comments: ''
references:
- 'https://cloud.google.com/recaptcha-enterprise'