The progression of information security has been heavily focused on the internet as the primary source of threats. What may be overlooked is the specter that was around during the early days of computing that has always been and remains with us — the threat posed by removable media. While information security measures and the technology used for removable media have evolved, the basic threat that this technique may pose must not be ignored.
This article will detail the replication through removable media technique from the MITRE ATT&CK matrix. We will also explore what MITRE ATT&CK is, tell you a little about replication through removable media, give some real-world examples of this technique and also offer tips for mitigation and detection.
What is MITRE ATT&CK?
MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organization capabilities to its knowledge base — including cybersecurity.
To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary techniques and tactics, based upon real-world observations. This information can then be used as the basis for the foundation of the development of threat models and methodologies for the cybersecurity product/service community, the private sector and government use.
More information on the MITRE ATT&CK matrix can be found here.
A little about replication through removable media
Attackers know about the early days of computing, where viruses and other threats were spread around by way of floppy disk and other removable media. Despite advancements in technology, new forms of removable media offer attackers an avenue into systems. This is complicated by autorun features present in most (especially Windows) systems that automatically execute when the media is inserted. Air-gapped systems are (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/a-HKkgpBq10/