CAPEC 537 Infiltration of Hardware Development Environment

Draft Detailed Low Risk

Severity High

Description

An adversary, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.

CAPEC 537 Infiltration of Hardware Development Environment

Description

Mitigations

Do Not Download Software From Untrusted Sources

Educate Designers, Developers, Engineers, Etc. On Social Engineering Attacks To Avoid Downloading Malicious Software Via Attacks Such As Phishing Attacks

Leverage Antivirus Tools To Detect Known Malware

Verify Software Downloads And Updates To Ensure They Have Not Been Modified Be Adversaries

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Compromise Hardware Supply Chain

CAPEC 537 Infiltration of Hardware Development Environment

Description

Mitigations

Do Not Download Software From Untrusted Sources

Educate Designers, Developers, Engineers, Etc. On Social Engineering Attacks To Avoid Downloading Malicious Software Via Attacks Such As Phishing Attacks

Leverage Antivirus Tools To Detect Known Malware

Verify Software Downloads And Updates To Ensure They Have Not Been Modified Be Adversaries

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Compromise Hardware Supply Chain

Iscriviti alla newsletter