ATT&CK-CN V1.01 Last Update: 2019-11 [返回索引页]

译者: 林妙倩(清华大学网络研究院网络空间安全实习生)、戴亦仑(赛宁网安) 原创翻译作品,如果需要转载请取得翻译作者同意。

数据来源:ATT&CK Matrices

原文: https://attack.mitre.org/techniques/T1495

术语表: /attack/glossary

固件损坏

攻击者可能会覆盖或破坏连接到系统的设备中的系统BIOS或其他固件的闪存内容,以使其无法操作或无法启动。固件是从硬件设备上的非易失性存储器加载并执行的软件,以初始化和管理设备功能。这些设备可能包括主板,硬盘驱动器或视频卡。

Firmware Corruption

Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot.[1] Firmware is software that is loaded and executed from non-volatile memory on hardware devices in order to initialize and manage device functionality. These devices could include the motherboard, hard drive, or video cards.

标签

ID编号: T1495

策略: 影响

平台: Linux,macOS,Windows

所需权限: administrator,root,SYSTEM

数据源: BIOS,组件固件

影响类型: 可用性

缓解措施

缓解 描述
引导完整性 检查现有BIOS和设备固件的完整性,以确定其是否易于修改。
特权账户管理 防止对手访问特权帐户或替换系统固件所需的访问。
更新软件 根据需要修补BIOS和其他固件,以防止成功使用已知漏洞。
Mitigation Description
Boot Integrity Check the integrity of the existing BIOS and device firmware to determine if it is vulnerable to modification.
Privileged Account Management Prevent adversary access to privileged accounts or access necessary to replace system firmware.
Update Software Patch the BIOS and other firmware as necessary to prevent successful use of known vulnerabilities.

检测

可能检测到系统固件操纵。记录尝试读取/写入BIOS的尝试,并与已知的修补行为进行比较。

System firmware manipulation may be detected.[2] Log attempts to read/write to BIOS and compare against known patching behavior.