CAPEC 675 Retrieve Data from Decommissioned Devices

Stable Standard Medium Risk

Severity Medium

Description

{'xhtml:p': 'An adversary obtains decommissioned, recycled, or discarded systems and devices that can include an organization\u00e2\u0080\u0099s intellectual property, employee data, and other types of controlled information. Systems and devices that have reached the end of their lifecycles may be subject to recycle or disposal where they can be exposed to adversarial attempts to retrieve information from internal memory chips and storage devices that are part of the system.'}

Mitigations

Backup Device Data Before Erasure To Retain Intellectual Property And Inside Knowledge.

Ensure That The User Account Has Been Terminated Or Switched To A New Device Before Destroying.

Overwrite Data On Device Rather Than Deleting. Deleted Data Can Still Be Recovered, Even If The Device Trash Can Is Emptied. Rewriting Data Removes Any Trace Of The Old Data. Performing Multiple Overwrites Followed By A Zeroing Of The Device (Overwriting With All Zeros) Is Good Practice.

Physically Destroy Memory And Sim Cards For Mobile Devices Not Intended To Be Reused.

Physically Destroy The Device If It Is Not Intended To Be Reused. Using A Specialized Service To Disintegrate, Burn, Melt Or Pulverize The Device Can Be Effective, But If Those Services Are Inaccessible, Drilling Nails Or Holes, Or Smashing The Device With A Hammer Can Be Effective. Do Not Burn, Microwave, Or Pour Acid On A Hard Drive.

CAPEC 675 Retrieve Data from Decommissioned Devices

Description

Mitigations

Backup Device Data Before Erasure To Retain Intellectual Property And Inside Knowledge.

Ensure That The User Account Has Been Terminated Or Switched To A New Device Before Destroying.

Overwrite Data On Device Rather Than Deleting. Deleted Data Can Still Be Recovered, Even If The Device Trash Can Is Emptied. Rewriting Data Removes Any Trace Of The Old Data. Performing Multiple Overwrites Followed By A Zeroing Of The Device (Overwriting With All Zeros) Is Good Practice.

Physically Destroy Memory And Sim Cards For Mobile Devices Not Intended To Be Reused.

Use A Secure Erase Software.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Related ATT&CK Techniques

Exfiltration Over Physical Medium

CAPEC 675 Retrieve Data from Decommissioned Devices

Description

Mitigations

Backup Device Data Before Erasure To Retain Intellectual Property And Inside Knowledge.

Ensure That The User Account Has Been Terminated Or Switched To A New Device Before Destroying.

Overwrite Data On Device Rather Than Deleting. Deleted Data Can Still Be Recovered, Even If The Device Trash Can Is Emptied. Rewriting Data Removes Any Trace Of The Old Data. Performing Multiple Overwrites Followed By A Zeroing Of The Device (Overwriting With All Zeros) Is Good Practice.

Physically Destroy Memory And Sim Cards For Mobile Devices Not Intended To Be Reused.

Use A Secure Erase Software.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Related ATT&CK Techniques

Exfiltration Over Physical Medium

Iscriviti alla newsletter