MITRE ATT&CK: Hardware Additions

Introduction

In this article, we discuss the very real threat of malicious hardware additions: what they are, the forms they take, and where and how they are used. We also cover the steps organizations can take to detect and mitigate them. Finally, we take a moment to imagine a future of more advanced hardware additions, possibly much smaller than a fingernail.

Overview of the MITRE ATT&CK matrix

The MITRE ATT&CK matrix is a publicly accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used as a foundation for developing specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

The aim of the MITRE ATT&CK knowledge base is to solve problems and produce a safer world by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.

What are hardware additions and what are their uses?

Hardware additions (ATT&CK technique T1200, under the Initial Access tactic) are devices and components that look like ordinary office hardware but conceal code or an exploit that takes advantage of the computer or network they are plugged into. ATT&CK lists examples such as passive network tapping, man-in-the-middle modification of network traffic, keystroke injection, reading kernel memory via DMA, and adding a new wireless access point to an existing network. Because they really do resemble normal hardware, it is usually very easy to pass them off as such. Hardware implants have also become small enough to be inserted into a product before it ever reaches the customer, that is, at the supply-chain level.
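Because a hardware addition is designed to look legitimate, the practical detection for this technique is asset inventory: know which devices are supposed to be attached to a host and flag anything else. The script below is an added example and is not code from the original article. It parses lsusb-style output (the two snapshots it uses are constructed, not captured from a real host), compares each device's vendor:product ID against a hypothetical approved inventory, and reports devices that appeared since a baseline snapshot; the allowlist contents and the snapshots are assumptions made for the example.

```python
"""Inventory check for newly attached USB hardware.

Added example, not from the original article. It parses lsusb-style output
(the sample lines below are constructed, not captured from a real host),
compares each device's vendor:product ID against a hypothetical approved
inventory, and reports what appeared since a baseline snapshot.
"""
import re
from dataclasses import dataclass

# One line of `lsusb` output, e.g.
# "Bus 001 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver"
LSUSB_LINE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): "
    r"ID (?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\s*(?P<desc>.*)$"
)


@dataclass(frozen=True)
class UsbDevice:
    bus: str
    dev: str
    vid: str
    pid: str
    desc: str

    @property
    def usb_id(self) -> str:
        return f"{self.vid}:{self.pid}"


def parse_lsusb(text: str) -> list[UsbDevice]:
    """Parse lsusb output into UsbDevice records; reject lines it cannot read."""
    devices = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LSUSB_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised lsusb line: {line!r}")
        devices.append(UsbDevice(m["bus"], m["dev"], m["vid"].lower(),
                                 m["pid"].lower(), m["desc"].strip()))
    return devices


# Hypothetical approved inventory: vendor:product IDs the organisation issued.
APPROVED_IDS = frozenset({
    "1d6b:0002",  # Linux Foundation 2.0 root hub (part of the host itself)
    "1d6b:0003",  # Linux Foundation 3.0 root hub
    "046d:c52b",  # Logitech Unifying Receiver (issued keyboard/mouse)
    "0bda:8153",  # Realtek USB 3.0 Ethernet adapter (issued docking station)
})


def unapproved(devices, approved=APPROVED_IDS) -> list[UsbDevice]:
    """Devices whose vendor:product ID is not in the approved inventory."""
    return [d for d in devices if d.usb_id not in approved]


def added_since(baseline, current) -> list[UsbDevice]:
    """Devices present in `current` whose ID was absent at `baseline`."""
    seen = {d.usb_id for d in baseline}
    return [d for d in current if d.usb_id not in seen]


# Constructed snapshots: the same workstation before and after something was plugged in.
BASELINE = """\
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 0bda:8153 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
Bus 001 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""

CURRENT = BASELINE + (
    # Constructed vendor:product ID: presents itself as a keyboard but was never issued.
    "Bus 001 Device 004: ID feed:0001 Constructed Example Corp. USB Keyboard\n"
)


def report(baseline_text: str = BASELINE, current_text: str = CURRENT) -> list[str]:
    """One finding per device that is not in the inventory, marking the new ones."""
    base, cur = parse_lsusb(baseline_text), parse_lsusb(current_text)
    new_ids = {d.usb_id for d in added_since(base, cur)}
    findings = []
    for d in unapproved(cur):
        tag = "NEW, NOT IN INVENTORY" if d.usb_id in new_ids else "NOT IN INVENTORY"
        findings.append(f"{tag}: bus {d.bus} dev {d.dev} {d.usb_id} {d.desc}")
    return findings


if __name__ == "__main__":
    for finding in report():
        print(finding)
```

The check is deliberately ID-based rather than name-based: the description string is whatever the device reports about itself, so a rogue device can claim any name it likes, and a vendor:product pair it spoofs to match an issued device would still slip through. Treat this as a first-line inventory alert, not proof that a device is benign, and pair it with physical inspection of anything that appears on a host unexpectedly.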

Hardware additions are commonly used by red teams and penetration testers to demonstrate what an adversary with physical access could achieve. As to the difficulty of this kind of attack, Monta Elkins of FoxGuard says, “It’s not magical. It’s not impossible. I could do this in my basement.” Public reporting of real adversary attacks leveraging hardware additions is scarce. This is (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/CStzjpiRSnE/