CAPEC-548: Contaminate Resource

Also known as: Data Spill

An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. When this happens, the contaminated information system, device, or network must be brought offline to investigate and mitigate the data spill, which denies availability of the system until the investigation is complete.

High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Overview

Contamination through email is a very common attack vector. Systems with email servers or personal work systems using email are susceptible to this attack simply by receiving an email that contains a classified document or information. A fake classified document could even be used that is mistaken as true classified material. This would still cause the system to be taken offline until the validity of the classified material is confirmed.

CAPEC-548: Contaminate Resource

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Terminology & mappings

Alternate terms

Frequently asked questions

What is CAPEC-548?

How do you prevent CAPEC-548?

How severe is CAPEC-548?

References

Defend against CAPEC-548

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Related attack patterns

Can precede

Terminology & mappings

Alternate terms

Frequently asked questions

What is CAPEC-548?

How do you prevent CAPEC-548?

How severe is CAPEC-548?

References

Defend against CAPEC-548