MITRE ATT&CK: Disk structure wipe - Security Boulevard

MITRE ATT&CK: Disk structure wipe

Introduction 

Denying the availability of a target's systems and resources is a primary objective of many real-world attack campaigns. For an attacker whose goal is disruption, this denial of availability is often the only part of the attack that the user of a targeted endpoint will actually notice in their day-to-day work.

Because the integrity and availability of disks matter as much today as they did decades ago, the disk structure wipe technique remains an old favorite of attackers and attack campaigns.

This article will explore the disk structure wipe as detailed in the MITRE ATT&CK matrix. We'll look at what MITRE ATT&CK is, what a disk structure wipe is and how it works, some real-world examples of the technique in use, and mitigation and detection considerations.

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

To this end, MITRE released MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This information serves as the foundation for developing threat models and methodologies for the cybersecurity product and service community, the private sector and government.

More information on the MITRE ATT&CK matrix can be found on the MITRE ATT&CK website.

What is a disk structure wipe?

Denial of availability is an attractive attack option because of the devastation it leaves in its wake. In a disk structure wipe, attackers wipe or corrupt the disk structures of a targeted system's hard drive. These include the structures the system needs in order to boot, among them the technique's favorite targets, the Master Boot Record (MBR) and partition (Read more...)
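To make the boot structures named above concrete, here is an added example (not code from the original article or from MITRE) that parses a legacy 512-byte MBR and classifies whether it looks intact, partially damaged, or wiped. The MBR layout it relies on is the standard one: 446 bytes of bootstrap code, four 16-byte partition entries at offset 446, and the 0x55AA signature in the last two bytes. The sample sector is constructed inline for the demonstration; the `read_first_sector` helper and the device paths mentioned in its comment are assumptions about where a responder would point it, and it is not called automatically because reading a raw disk requires administrator or root privileges.

```python
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"          # little-endian 0xAA55 at offset 510
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
# One partition entry: status, CHS start (3 bytes), type, CHS end (3 bytes),
# first LBA (uint32), sector count (uint32). All little-endian.
PARTITION_ENTRY_FMT = "<B3sB3sII"


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR into its signature flag, bootcode state and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            PARTITION_ENTRY_FMT, sector[off:off + PARTITION_ENTRY_SIZE]
        )
        partitions.append(
            {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}
        )
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "bootcode_zeroed": not any(sector[:PARTITION_TABLE_OFFSET]),
        "partitions": partitions,
    }


def assess_mbr(sector: bytes) -> str:
    """Classify an MBR as OK, CORRUPT_SIGNATURE, PARTITION_TABLE_EMPTY or WIPED.

    A wiper that overwrites the first sector with zeros (or garbage) destroys all
    three things at once: the signature, the bootstrap code and the partition
    table. The distinctions below help a responder tell a full wipe from a more
    surgical corruption of one structure.
    """
    info = parse_mbr(sector)
    # A "live" entry has a non-zero partition type and a non-zero length.
    live = [p for p in info["partitions"] if p["type"] != 0 and p["sectors"] > 0]
    if not info["signature_ok"] and info["bootcode_zeroed"] and not live:
        return "WIPED"
    if not info["signature_ok"]:
        return "CORRUPT_SIGNATURE"
    if not live:
        return "PARTITION_TABLE_EMPTY"
    return "OK"


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: a tiny bootstrap stub plus one bootable NTFS partition.

    The partition (type 0x07) starts at LBA 2048 and spans 2,097,152 sectors
    (1 GiB of 512-byte sectors). The CHS fields are placeholders; modern
    firmware and tooling rely on the LBA fields.
    """
    bootcode = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (PARTITION_TABLE_OFFSET - 4)
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 2097152)
    empty_entry = b"\x00" * PARTITION_ENTRY_SIZE
    return bootcode + entry + empty_entry * 3 + MBR_SIGNATURE


def read_first_sector(device_path: str) -> bytes:
    """Read sector 0 from a raw device. Assumed usage: r"\\\\.\\PhysicalDrive0" on
    Windows or "/dev/sda" on Linux, both of which need elevated privileges."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    intact = build_sample_mbr()
    print("intact sample:", assess_mbr(intact))
    print("zero-filled sector:", assess_mbr(b"\x00" * SECTOR_SIZE))
    # Only the 64-byte partition table overwritten, signature left in place.
    table_only = intact[:PARTITION_TABLE_OFFSET] + b"\x00" * 64 + MBR_SIGNATURE
    print("partition table zeroed:", assess_mbr(table_only))
```

On a live system the same classifier can be run against the first sector of each physical disk as an integrity check; a sudden transition from OK to WIPED on a disk that was healthy at the previous check is the kind of signal a detection rule for this technique is looking for, and it complements the process-level detections (raw device writes) discussed later in this article.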

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/id7u_mT-vbw/