Adversaries may use Valid Accounts to log into a service that accepts remote connections, such as telnet, SSH, and VNC. The adversary may then perform actions as the logged-on user.
These backend services, while providing necessary functionality, can become targets for adversaries once initial access has been gained, for instance through a compromised infotainment system. Adversaries can then move laterally to more sensitive systems, such as those involved in vehicle control. They may search the compromised infotainment system for credentials and use them to gain unauthorized access, allowing them to issue commands or compromise other connected components within the backend network.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
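One detection-side check for the lateral movement described above, as an added example that is not part of the original page: it reads sshd-style authentication log lines and reports successful logins whose account and source address fall outside an expected baseline. The network ranges, account names, host names and log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the segment, accounts and addresses below are constructed for illustration.
INFOTAINMENT_NET = ipaddress.ip_network("10.20.0.0/24")
# Baseline of (account, source network) pairs expected to open remote sessions.
BASELINE = {
    ("ops_admin", ipaddress.ip_network("10.50.0.0/24")),
    ("svc_update", ipaddress.ip_network("10.50.0.0/24")),
}

# Matches only successful sshd logins ("Accepted password/publickey for ...").
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

# Constructed sample log, not taken from a real system.
SAMPLE_LOG = """\
Mar  3 10:15:02 backend01 sshd[1234]: Accepted publickey for ops_admin from 10.50.0.7 port 51234 ssh2
Mar  3 10:16:40 backend01 sshd[1240]: Failed password for root from 10.20.0.15 port 40022 ssh2
Mar  3 10:17:11 backend02 sshd[2201]: Accepted password for svc_update from 10.20.0.15 port 40031 ssh2
Mar  3 10:19:45 backend02 sshd[2230]: Accepted password for svc_update from 10.50.0.9 port 40500 ssh2
"""

def suspicious_logins(log_text):
    """Return successful logins that do not match the (account, network) baseline."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and unrelated lines are out of scope here
        user, raw_src = m["user"], m["src"]
        try:
            src = ipaddress.ip_address(raw_src)
        except ValueError:
            # Source logged as a hostname: report it rather than silently drop it.
            findings.append({"host": m["host"], "user": user, "src": raw_src,
                             "reason": "non-ip-source"})
            continue
        if any(user == u and src in net for u, net in BASELINE):
            continue  # valid account used from where it is expected
        reason = "infotainment-origin" if src in INFOTAINMENT_NET else "off-baseline"
        findings.append({"host": m["host"], "user": user, "src": raw_src, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in suspicious_logins(SAMPLE_LOG):
        print(finding)
```

The same valid account appears twice in the sample; only the session that originates from the infotainment segment is reported, which is the signal a credential-based login otherwise hides.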