A common theme in literary, cinematic and real-world espionage is the use of a wire or bug that records audio of a target subject. Audio capture has moved out of spy novels and movies and into the toolkit of attackers and malicious hackers, who use it as a clandestine collection method: microphones and other audio interfacing devices on a compromised system are used to siphon information from the target subject.
This article will detail the audio capture collection technique listed in the MITRE ATT&CK matrix: what MITRE ATT&CK is, what the audio capture technique is, real-world examples demonstrating different methods of performing this technique, and mitigation and detection. If you have ever wondered whether, or how, attackers and malicious hackers are listening to users of compromised systems, let this article serve as both an education and a warning.
What is MITRE ATT&CK?
MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has since added new technical and organizational capabilities to its knowledge base, including cybersecurity.
To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary techniques and tactics based on real-world observations. This information serves as a foundation for developing threat models and methodologies used by the cybersecurity product and service community, the private sector and government. More information on the MITRE ATT&CK matrix can be found here.
Dangers of abuse of system features
Before we discuss the audio capture attack technique in any detail, we should first discuss what makes it so dangerous. This attack technique is considered an “abuse of system features” technique.
What this means is that the attacker or malicious hacker is leveraging the inherent features of the compromised system against (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/DTb0P-th9yg/