CAPEC-548 Metadata
Likelihood of Attack
Low
Typical Severity
High
Overview
Summary
An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. When this happens, the contaminated information system, device, or network must be brought offline to investigate and mitigate the data spill, which denies availability of the system until the investigation is complete. Contamination occurs when information is handled by an information system that has not been authorized to handle that classification/sensitivity.
Prerequisites
The adversary needs to have real or fake classified/sensitive information to place on a system.
Potential Solutions / Mitigations
Properly safeguard classified/sensitive data. This includes training cleared individuals to ensure they are handling and disposing of this data properly, as well as ensuring systems only handle information of the classification level they are designed for. Design systems with redundancy in mind. This could mean creating backing servers that could be switched over to in the event that a server has to be taken down for investigation. Have an efficient response plan prepared in advance to limit the amount of time a system is offline while the contamination is investigated.
Related CAPECs
CAPEC ID | Description |
---|---|
CAPEC-607 | An attacker obstructs the interactions between system components. By interrupting or disabling these interactions, an adversary can often force the system into a degraded state or cause the system to stop working as intended. This can cause the system components to be unavailable until the obstruction is mitigated. |