Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly on the system, enabling the attacker to then cause disruption or additional compromise.
The nature of these type of attacks involve a coordinated effort between well-funded multiple attackers, and sometimes require physical access to successfully complete an attack. As a result these types of attacks are not launched on a large scale against any potential victim, but are typically highly targeted against victims who are often targeted and may have rather sophisticated cyber defenses already in place.
An attacker has access to an organization's warehouse of card readers being included as a part of an overall security system. By replacing a critical hardware component in the card reader, the attacker is able to alter the function of the card reader to allow an attacker-supplied card to bypass a security checkpoint. The card reader is placed in the warehouse, and later used in the victim's security system. The attacker is then able to go to the victim and use their own card and bypass a physical security checkpoint and gain access to the victim's location for further malicious activity.
Skill or Knowledge Level: High
Able to develop and manufacture malicious system components that perform the same functions and processes as their non-malicious counterparts.
More information is available — Please select a different filter.