MITRE ATT&CK: Clipboard data - Security Boulevard

MITRE ATT&CK: Clipboard data

Introduction

Copying data to a Windows or macOS system clipboard is a well-known time saver that many take advantage of, myself included. The problem with this little time-saving shortcut is that due to some internal mechanisms of the clipboard function, attackers can collect data from the clipboard. This aids attackers in their efforts and creates a bigger problem for the end user than their original problem of having to type information.

This article will detail the problem with clipboard data generally, explore the different categories of clipboard data attacks and examine some real-world examples of these attacks in the context of the different attack types. If this is the first you have heard about this type of attack, prepare for a solid primer that will get you caught up to speed.

MITRE ATT&CK

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organization capabilities to its knowledge base — including cybersecurity.

To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary techniques and tactics based on real-world observations. This information can then be used as the basis for the foundation of the development of threat models and methodologies for cybersecurity product/service community, private sector and government use.

For more information, the MITRE ATT&CK matrix can be found here.

What is a clipboard data attack?

Saving information to a desktop or Android clipboard is a common time-saving function, though the amount of time saved is rather small. Attackers have different ways of reaching this information, based upon the system it is occurring on. For Windows systems, Windows API is used; for macOS, attackers use the command pbpaste.

Clipboard data attacks are a type of system feature (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/0t9WfDOE_Go/