Byte Open Security (ByteOS Network)
CAPEC-532: Altered Installed BIOS
Attack Pattern ID: 532
Version: v3.9
Attack Pattern Name: Altered Installed BIOS
Abstraction: Detailed
Status: Stable
Likelihood of Attack: Low
Typical Severity: High
Description
An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.
Relationships
Nature: ChildOf
Type: Standard
ID: 444
Name: Development Alteration
Prerequisites
Advanced knowledge about the installed target system design.
Advanced knowledge about the download and update installation processes.
Access to the download and update system(s) used to deliver BIOS images.
Skills Required
High: Able to develop a malicious BIOS image that retains the same functionality as a normal BIOS image, but with added functionality that allows for later compromise and/or disruption.
Mitigations
Deploy strong code integrity policies to allow only authorized apps to run.
Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities.
Maintain a highly secure build and update infrastructure by immediately applying security patches for OS and software, implementing mandatory integrity controls to ensure only trusted tools run, and requiring multi-factor authentication for admins.
Require SSL/TLS for update channels and implement certificate-transparency-based verification of the update servers' certificates.
Sign update packages and BIOS patches.
Use hardware security modules/trusted platform modules to verify authenticity using hardware-based cryptography.
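The last two mitigations (signing BIOS update packages, and hardware-rooted verification of what actually booted) as an added worked example in Go. This is not code from CAPEC or from the referenced MITRE or Microsoft documents. It assumes the vendor publishes an Ed25519 key and ships a detached signature with each firmware capsule, and it models the TPM PCR extend operation (PCR' = SHA-256(PCR || SHA-256(component))) in software so the arithmetic can be seen; a real TPM performs the extend in hardware and signs the result in a quote. The key pair, firmware bytes and component names are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// VerifyImage refuses to stage a BIOS update whose detached Ed25519 signature
// does not verify under the vendor's published key. A poisoned update channel
// can swap the image bytes but cannot produce a valid signature without the
// vendor's private key.
func VerifyImage(vendorPub ed25519.PublicKey, image, sig []byte) error {
	if len(vendorPub) != ed25519.PublicKeySize {
		return errors.New("vendor public key has wrong length")
	}
	if !ed25519.Verify(vendorPub, image, sig) {
		return errors.New("BIOS image signature does not verify: refusing to stage")
	}
	return nil
}

// ExtendPCR models the TPM PCR extend operation: the new value is
// SHA-256(old PCR || SHA-256(component)). A measured component cannot be
// "un-measured"; altering any component changes the final value.
func ExtendPCR(pcr [32]byte, component []byte) [32]byte {
	digest := sha256.Sum256(component)
	return sha256.Sum256(append(pcr[:], digest[:]...))
}

// MeasureBoot replays the extend chain over firmware components in boot order,
// starting from the all-zero reset value (software model of the TPM arithmetic).
func MeasureBoot(components [][]byte) [32]byte {
	var pcr [32]byte
	for _, c := range components {
		pcr = ExtendPCR(pcr, c)
	}
	return pcr
}

// BootMatchesGolden compares the observed PCR with the value recorded when the
// machine was provisioned with known-good firmware.
func BootMatchesGolden(golden, observed [32]byte) bool {
	return golden == observed
}

// Demo runs both checks on constructed data and returns, in order:
// genuine image accepted, tampered image rejected, unmodified boot matches the
// golden measurement, boot with an altered BIOS detected.
func Demo() (bool, bool, bool, bool) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader) // constructed key pair
	if err != nil {
		panic(err)
	}
	image := []byte("CONSTRUCTED-BIOS-IMAGE v1.2") // stand-in for a real firmware capsule
	sig := ed25519.Sign(vendorPriv, image)

	genuineAccepted := VerifyImage(vendorPub, image, sig) == nil

	tampered := append([]byte(nil), image...)
	tampered[len(tampered)-1] ^= 0x01 // a single flipped bit is enough to invalidate the signature
	tamperedRejected := VerifyImage(vendorPub, tampered, sig) != nil

	// Boot chain measured at provisioning (constructed component names).
	goodBoot := [][]byte{[]byte("SEC-core"), image, []byte("PEI-drivers")}
	golden := MeasureBoot(goodBoot)
	bootMatches := BootMatchesGolden(golden, MeasureBoot(goodBoot))

	// The same chain booting with the altered BIOS image in place.
	alteredBoot := [][]byte{[]byte("SEC-core"), tampered, []byte("PEI-drivers")}
	alteredDetected := !BootMatchesGolden(golden, MeasureBoot(alteredBoot))

	return genuineAccepted, tamperedRejected, bootMatches, alteredDetected
}

func main() {
	a, b, c, d := Demo()
	fmt.Printf("genuine image accepted: %v\ntampered image rejected: %v\n", a, b)
	fmt.Printf("boot matches golden PCR: %v\naltered BIOS detected: %v\n", c, d)
}
```

The two checks cover different points in the attack: signature verification stops an altered image from being installed through the update channel, while the measurement comparison detects an altered BIOS that is already installed, regardless of how it got there. In practice the golden value should be stored off-host and the observed PCR taken from a TPM quote rather than recomputed by software running on the possibly compromised machine.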
Taxonomy Mappings
Taxonomy Name: ATTACK
Entry ID: 1495
Entry Name: Firmware Corruption
Taxonomy Name: ATTACK
Entry ID: 1542.001
Entry Name: Pre-OS Boot: System Firmware
References
REF-439: John F. Miller, "Supply Chain Attack Framework and Attack Patterns", The MITRE Corporation, 2013. URL: http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf
REF-716: Daniel Simpson, Dani Halfin, Andrews Mariano Gorzelany, Beth Woodbury, "Supply chain attacks", Microsoft, 2021-10-28. URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/supply-chain-malware (accessed 2022-02-21)