CAPEC-675: Retrieve Data from Decommissioned Devices

Standard Stable Severity: Medium Likelihood of Attack: Medium

CAPEC Version: 3.9

Last Updated: 2023-01-24

Attack Pattern Description

Prerequisites

  • An adversary needs to have access to electronic data processing equipment being recycled or disposed of (e.g., laptops, servers) at a collection location and the ability to take control of it for the purpose of exploiting its content.

Skills Required

High: An adversary may need the ability to mount printed circuit boards and target individual chips for exploitation.
Medium: An adversary needs the technical skills required to extract solid state drives, hard disk drives, and other storage media to host on a compatible system or harness to gain access to digital content.

Consequences

Scope: Accountability

Technical Impact: Bypass Protection Mechanism

Mitigations

Backup device data before erasure to retain intellectual property and inside knowledge.

Overwrite data on device rather than deleting. Deleted data can still be recovered, even if the device trash can is emptied. Rewriting data removes any trace of the old data. Performing multiple overwrites followed by a zeroing of the device (overwriting with all zeros) is good practice.
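The overwrite-then-zero procedure described above, as an added example that is not part of the CAPEC entry: it runs several random passes and a final zero pass over a target in place, then checks that only zeros remain. The function names and the default of three random passes are assumptions of this sketch, and the target is assumed to be a file-backed disk image or a device path the operator is authorized to wipe.

```python
import os
import secrets

CHUNK = 1024 * 1024  # write in 1 MiB blocks


def _write_pass(fd, size, make_block):
    """Overwrite the first `size` bytes behind fd and flush them to storage."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        block = make_block(n)
        written = 0
        while written < n:  # os.write may write fewer bytes than asked
            written += os.write(fd, block[written:])
        remaining -= n
    os.fsync(fd)  # each pass must reach the medium before the next starts


def overwrite_then_zero(path, random_passes=3):
    """Run random overwrite passes, then a final all-zero pass, in place."""
    fd = os.open(path, os.O_RDWR)  # no O_TRUNC: the same blocks are rewritten
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        for _ in range(random_passes):
            _write_pass(fd, size, secrets.token_bytes)
        _write_pass(fd, size, bytes)  # bytes(n) yields n zero bytes
    finally:
        os.close(fd)
    return size


def first_nonzero_offset(path):
    """Return the offset of the first non-zero byte, or None if fully zeroed."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            stripped = chunk.lstrip(b"\x00")
            if stripped:
                return offset + len(chunk) - len(stripped)
            offset += len(chunk)
    return None
```

Overwriting through the logical block interface does not reach remapped sectors or over-provisioned flash on solid state drives, so a clean verification result here covers only the addressable area; device-level secure erase or physical destruction covers the rest.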

Use secure erase software.

Physically destroy the device if it is not intended to be reused. Using a specialized service to disintegrate, burn, melt or pulverize the device can be effective, but if those services are inaccessible, drilling nails or holes, or smashing the device with a hammer can be effective. Do not burn, microwave, or pour acid on a hard drive.

Physically destroy memory and SIM cards for mobile devices not intended to be reused.

Ensure that the user account has been terminated or switched to a new device before destroying.

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name
ATTACK | 1052 | Exfiltration Over Physical Medium

Key Information

CAPEC ID: CAPEC-675

Abstraction Level: Standard

Status: Stable

Typical Severity: Medium

Likelihood of Attack: Medium

Related Attack Patterns
Related CWE Weaknesses