CAPEC-548: Contaminate Resource
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. When this happens, the contaminated information system, device, or network must be brought offline to investigate and mitigate the data spill, which denies availability of the system until the investigation is complete.
扩展描述
Contamination through email is a very common attack vector. Systems with email servers or personal work systems using email are susceptible to this attack simply by receiving an email that contains a classified document or information. A fake classified document could even be used that is mistaken as true classified material. This would still cause the system to be taken offline until the validity of the classified material is confirmed.
前提条件
- The adversary needs to have real or fake classified/sensitive information to place on a system
所需技能
后果影响
影响范围: Availability
技术影响: Resource Consumption
说明: Denial of Service
影响范围: Confidentiality
技术影响: Read Data
说明: Victims of the attack can be exposed to classified materials
缓解措施
Properly safeguard classified/sensitive data. This includes training cleared individuals to ensure they are handling and disposing of this data properly, as well as ensuring systems only handle information of the classification level they are designed for.
Design systems with redundancy in mind. This could mean creating backing servers that could be switched over to in the event that a server has to be taken down for investigation.
Have a planned and efficient response plan to limit the amount of time a system is offline while the contamination is investigated.