CAPEC-456 Infected Memory

CAPEC ID: 456

CAPEC-456 Metadata

Likelihood of Attack

Medium

Typical Severity

High

Overview

Summary

An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.

Prerequisites

No prerequisites listed.

Potential Solutions / Mitigations

Leverage anti-virus products to detect and stop operations with known viruses.

Related Weaknesses (CWE)

CWE ID Description
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges
CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code
CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
CWE-1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges

Related CAPECs

CAPEC ID Description
CAPEC-441 An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems and their components that are still under development and part of the supply chain.
