MITRE ATT&CK: Disk content wipe

Introduction

Classic moves, no matter what the subject matter is, are timeless. Be it the hook shot in basketball, the uppercut in boxing or the pirouette in ballet, these are moves that you remember for the subject matter. 

Believe it or not, hacker attack techniques are no different. Aside from the outright theft of information, gaining access to a system and wiping all or a portion of a disk is as classic as the moves listed above and definitely just as timeless. It’s funny how even though technology has changed over the years, some hacker objectives are just as applicable today as they were when hacking was in its infancy. 

This article will detail the disk content wipe availability technique that is enumerated in the MITRE ATT&CK matrix. We will explore the attack matrix, the disk content wipe, a little about how the attack works and real-world examples, as well as mitigation and detection considerations.

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organization capabilities to its knowledge base — including cybersecurity.

Sponsorships Available

Sponsorships Available

Sponsorships Available

To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary techniques and tactics based on real-world observations. This information can then be used as the basis for the foundation of the development of threat models and methodologies for cybersecurity product/service community, the private sector and government use. 

More information on the MITRE ATT&CK matrix can be found here.

What is a disk content wipe?

As the name suggests, a disk content wipe means erasing the contents of a disk entirely or partially. This is an easy enough concept to grasp but to fully understand why (Read more...)