This class is an extension of the MITRE ATT&CK matrix and represents an attacker abusing insecure defaults.

Software, devices and cloud accounts could contain default configurations, such as well-known passwords, open ports or unrestricted permissions. Such configurations might be intended to make setup easier, but might also have the side effect of making the system less secure.

Mitigations: Examine the configuration of software, devices and cloud accounts to ensure no insecure defaults are in use. Follow security best practices, and turn off any features that will not be used.