Threat actors may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Threat actors may use the information from Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.