CAPEC 532 Altered Installed BIOS

Description

🇬🇧 English Original 🇮🇹 Italiano AI Translated

An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.

AI Generated Translation

Un attaccante con accesso al download e all'aggiornamento del software di sistema invia un BIOS alterato in modo malevolo alla vittima o al fornitore/integratore della vittima, che una volta installato consente future sfruttamenti.

Mitigations

6

Deploy Strong Code Integrity Policies To Allow Only Authorized Apps To Run.

Maintain A Highly Secure Build And Update Infrastructure By Immediately Applying Security Patches For Os And Software, Implementing Mandatory Integrity Controls To Ensure Only Trusted Tools Run, And Requiring Multi-Factor Authentication For Admins.

Sign Update Packages And Bios Patches.

Use Endpoint Detection And Response Solutions That Can Automaticalkly Detect And Remediate Suspicious Activities.

Require Ssl For Update Channels And Implement Certificate Transparency Based Verification.

Use Hardware Security Modules/Trusted Platform Modules To Verify Authenticity Using Hardware-Based Cryptography.

Consequences

Consequence Information

{'impacts': [], 'impacts_translate': [], 'scopes': [], 'scopes_translate': []}

Relationships

Parent CAPECs

CAPEC-444

Related ATT&CK Techniques

2

T1495

Firmware Corruption

Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a …

T1542.001

System Firmware

Adversaries may modify system firmware to persist on systems.The BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) …