CAPEC-548: Contaminate Resource
Also known as: Data Spill
An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. When this happens, the contaminated information system, device, or network must be brought offline to investigate and mitigate the data spill, which denies availability of the system until the investigation is complete.
Overview
Contamination through email is a very common attack vector. Systems with email servers, or personal work systems using email, are susceptible to this attack simply by receiving an email that contains a classified document or information. An adversary could even use a fake classified document that is mistaken for genuine classified material. This would still cause the system to be taken offline until the validity of the classified material is confirmed.
What the attacker needs
Prerequisites
- The adversary needs to have real or fake classified/sensitive information to place on a system
Skills required
- Low skill: Knowledge of classification levels of systems
- High skill: The ability to obtain a classified document or information
- Low skill: The ability to fake a classified document
Consequences
What a successful CAPEC-548 attack can achieve.
- Resource Consumption (affects: Availability): Denial of Service
- Read Data (affects: Confidentiality): Victims of the attack can be exposed to classified materials
How to mitigate it
Defenses that reduce the risk of CAPEC-548.