
MITRE ATT&CK: Input capture

Since the early days of computing, input has been the most basic form of interface with a system. Until attackers find a way to intercept brain communications, input will remain the holy grail of information sources to harvest.

Attackers have a way to reach this rich source of sensitive information: the input capture technique. Headlined by the infamous keylogger, it is catalogued in the MITRE ATT&CK matrix as Input Capture (T1056) under the Collection and Credential Access tactics, and it is a textbook case of an attacker abusing a system's own features rather than exploiting a flaw in them.

This article details the input capture technique: what MITRE ATT&CK is, why abuse of system features is dangerous, how input capture works, real-world examples of the technique in action, and tips for mitigation and detection.

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has since added new technical and organizational capabilities to its knowledge base, including cybersecurity.

To this end, MITRE released MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It serves as a foundation for developing threat models and methodologies for the cybersecurity product and service community, the private sector and government. More information on the MITRE ATT&CK matrix is available at https://attack.mitre.org/.

Dangers of abuse of system features

Before we discuss the technique itself, we should first discuss what makes it so dangerous: it works by abusing legitimate system features.

In practice, the attacker turns the compromised system's built-in capabilities against itself. It is sort of like jujitsu or judo, where the opponent’s inherent (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/44e6DBEIkcc/
