Translators: 林妙倩, 戴亦仑. This is an original translation; please obtain the translators' consent before reproducing it.
Data source: ATT&CK Matrices
Original: https://attack.mitre.org/techniques/T1495
Glossary: /attack/glossary
Firmware Corruption
Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot.[1] Firmware is software that is loaded and executed from non-volatile memory on hardware devices in order to initialize and manage device functionality. These devices could include the motherboard, hard drive, or video cards. Because this code runs before the operating system, a corrupted boot block usually cannot be repaired from within the OS; recovery depends on the vendor's firmware recovery path or on reflashing the part with an external programmer, which is why the technique is classified as an availability impact.
ID: T1495
Tactic: Impact
Platforms: Linux, macOS, Windows
Permissions Required: Administrator, root, SYSTEM
Data Sources: BIOS, Component Firmware
Impact Type: Availability
Mitigation | Description |
---|---|
Boot Integrity | Check the integrity of the existing BIOS and device firmware to determine whether it is vulnerable to modification (for example, whether flash write protection is enabled and whether the current image still matches a known-good baseline). |
Privileged Account Management | Prevent adversary access to privileged accounts or to the access necessary to replace system firmware; on all three platforms a flash write requires Administrator, root or SYSTEM. |
Update Software | Patch the BIOS and other firmware as necessary to prevent successful use of known vulnerabilities. |
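The Boot Integrity row above assumes an operator can tell whether the firmware currently in the part still matches a known-good image. The following Python is an added example written for this page, not MITRE's or any vendor's code: it hashes a firmware dump region by region against a stored baseline so that a legitimately changing variable store does not mask a rewritten boot block, and it recognises the all-0xFF/all-0x00 pattern left by an erased or failed flash. The 4 KiB flash layout, region names and the golden image are constructed for the example; a real part is megabytes in size and its layout comes from the vendor's flash descriptor.

```python
"""Baseline-and-compare check for a firmware image (added example, constructed layout)."""
import hashlib
from typing import Dict, List, Tuple

# Constructed, hypothetical layout of a 4 KiB flash part: (name, offset, length, volatile).
# Real SPI flash parts are much larger and carry a vendor-specific descriptor; this
# layout exists only so the example runs offline.
FLASH_SIZE = 0x1000
REGIONS: List[Tuple[str, int, int, bool]] = [
    ("descriptor", 0x000, 0x100, False),
    ("boot_block", 0x100, 0x300, False),  # reset vector / early init: must never change
    ("nvram_vars", 0x400, 0x200, True),   # variable store: legitimately rewritten at runtime
    ("main_code",  0x600, 0xA00, False),
]


def region_hashes(image: bytes) -> Dict[str, str]:
    """SHA-256 of every region; the result for a trusted dump is the baseline to keep."""
    if len(image) != FLASH_SIZE:
        raise ValueError(f"image is {len(image)} bytes, expected {FLASH_SIZE}")
    return {name: hashlib.sha256(image[off:off + ln]).hexdigest()
            for name, off, ln, _ in REGIONS}


def compare_to_baseline(image: bytes, baseline: Dict[str, str]) -> List[str]:
    """Return the names of non-volatile regions whose contents differ from the baseline.

    Volatile regions (the variable store) are skipped on purpose: they change during
    normal operation and would otherwise produce a finding on every boot.
    """
    current = region_hashes(image)
    return [name for name, _, _, volatile in REGIONS
            if not volatile and current[name] != baseline[name]]


def looks_erased(image: bytes) -> bool:
    """True when every code region is uniformly 0xFF or 0x00, typical of a wiped or aborted flash."""
    for _, off, ln, volatile in REGIONS:
        if volatile:
            continue
        chunk = image[off:off + ln]
        if chunk not in (b"\xff" * ln, b"\x00" * ln):
            return False
    return True


def make_golden_image() -> bytes:
    """Constructed sample 'known-good' dump with deterministic per-region content."""
    buf = bytearray(FLASH_SIZE)
    for idx, (_, off, ln, _) in enumerate(REGIONS):
        for i in range(ln):
            buf[off + i] = (i * 7 + idx * 31) & 0xFF
    return bytes(buf)


if __name__ == "__main__":
    golden = make_golden_image()
    baseline = region_hashes(golden)

    tampered = bytearray(golden)
    tampered[0x150] ^= 0x01                    # one bit flipped in the boot block
    print("tampered:", compare_to_baseline(bytes(tampered), baseline))

    wiped = b"\xff" * FLASH_SIZE               # what an erased part reads back as
    print("wiped:", compare_to_baseline(wiped, baseline), "erased:", looks_erased(wiped))
```

In practice the dump comes from a tool that can read the part (on Linux, for instance, flashrom or the vendor's update utility), the baseline is taken once from a freshly provisioned machine and stored off-host, and the comparison runs on a schedule; a single differing non-volatile region is the signal to pull the machine for analysis, while an all-0xFF image on a machine that no longer boots is the direct evidence of this technique.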
System firmware manipulation may be detected.[2] Log attempts to read from or write to the BIOS or other device firmware and compare them against known patching behavior: the update tools the organization actually uses, the accounts and change windows in which they run, and the firmware versions they are expected to produce. A flash write from any other process, or from an approved tool at an unexpected time, is the event to investigate.
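The detection guidance above comes down to two inputs: a record of which process touched a firmware device, and a description of what sanctioned patching looks like. The following Python is an added example for this page, not MITRE's or any product's detection content. It parses a constructed key=value log format (not any real product's schema), treats the Linux device paths /dev/mem, /dev/port and /dev/mtd* as firmware targets, and compares writes against an assumed policy in which the only sanctioned writer is the fwupd daemon binary and patching happens in a 01:00 to 05:00 UTC window. The sample log lines are constructed; the approved executable path and window are assumptions to be replaced with the site's own.

```python
"""Flag firmware write attempts that do not match known patching behaviour (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed, hypothetical policy describing "known patching behaviour".
APPROVED_EXES = {"/usr/libexec/fwupd/fwupd"}   # assumed: the only sanctioned flash writer
MAINT_WINDOW_UTC = (1, 5)                       # assumed: writes expected 01:00-05:00 UTC
# Device nodes through which user space can reach SPI flash or option ROMs on Linux.
FIRMWARE_TARGET_PREFIXES = ("/dev/mem", "/dev/port", "/dev/mtd")

# Constructed log format (not any real product's schema): one key=value record per line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) host=(?P<host>\S+) uid=(?P<uid>\d+) "
    r"exe=(?P<exe>\S+) action=(?P<action>read|write) target=(?P<target>\S+)$"
)


@dataclass
class Event:
    ts: datetime
    host: str
    uid: int
    exe: str
    action: str
    target: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one record; None for lines that do not match the expected schema."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, m["host"], int(m["uid"]), m["exe"], m["action"], m["target"])


def is_firmware_target(path: str) -> bool:
    return path.startswith(FIRMWARE_TARGET_PREFIXES)


def in_maintenance_window(ts: datetime) -> bool:
    start, end = MAINT_WINDOW_UTC
    return start <= ts.astimezone(timezone.utc).hour < end


def evaluate(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for firmware-device access in the given log lines."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            # A line the parser cannot read is itself worth surfacing: a gap in
            # telemetry is where a firmware write would go unnoticed.
            findings.append(("low", f"unparseable line: {line.strip()!r}"))
            continue
        if not is_firmware_target(ev.target):
            continue
        if ev.action == "read":
            # Reads are logged rather than alerted (inventory tools read /dev/mem
            # legitimately), but kept as low-severity context for later correlation.
            findings.append(("low", f"{ev.exe} read {ev.target} on {ev.host}"))
            continue
        if ev.exe not in APPROVED_EXES:
            findings.append(("high", f"{ev.exe} wrote {ev.target} on {ev.host}: "
                                     "not an approved patch tool"))
        elif not in_maintenance_window(ev.ts):
            findings.append(("medium", f"{ev.exe} wrote {ev.target} on {ev.host} at "
                                       f"{ev.ts:%H:%M}Z: outside maintenance window"))
    return findings


# Constructed sample log: a sanctioned update, two unsanctioned flash writes,
# unrelated file access, a sanctioned tool at the wrong time, a read, and a malformed line.
SAMPLE_LOG = [
    "2024-03-02T02:10:05Z host=ws17 uid=0 exe=/usr/libexec/fwupd/fwupd action=write target=/dev/mtd0",
    "2024-03-02T14:22:41Z host=ws17 uid=0 exe=/usr/bin/flashrom action=write target=/dev/mem",
    "2024-03-02T14:23:02Z host=ws17 uid=0 exe=/usr/bin/dd action=write target=/dev/mtd0",
    "2024-03-02T09:01:11Z host=ws17 uid=1000 exe=/usr/bin/cat action=read target=/etc/hostname",
    "2024-03-02T20:05:00Z host=ws17 uid=0 exe=/usr/libexec/fwupd/fwupd action=write target=/dev/mtd0",
    "2024-03-02T10:00:00Z host=ws17 uid=0 exe=/usr/sbin/dmidecode action=read target=/dev/mem",
    "Mar  2 14:30:00 ws17 kernel: unrelated message in a different format",
]

if __name__ == "__main__":
    for severity, message in evaluate(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

The policy is deliberately an allowlist rather than a list of known-bad tools: the adversary in this technique already has root, so the writer can be any binary, and the only stable discriminator is whether the write matches the organization's own patching process. On Windows the equivalent telemetry is a driver-level record of physical-memory or SPI-controller access, and the approved-writer set is the vendor's update utility; the comparison logic is the same.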