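          ATT&CK-CN V1.01 Last Update: 2019-11

          Translators: 林妙倩 (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University), 戴亦侖 (賽寧網安). This is an original translation; please obtain the translators' consent before reprinting.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1485

          Glossary: /attack/glossary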

          Data Destruction

          Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives. Common operating system file deletion commands such as del and rm often only remove pointers to files without wiping the contents of the files themselves, making the files recoverable by proper forensic methodology. This behavior is distinct from Disk Content Wipe and Disk Structure Wipe because individual files are destroyed rather than sections of a storage disk or the disk's logical structure.

          Adversaries may attempt to overwrite files and directories with randomly generated data to make them irrecoverable. In some cases, politically oriented image files have been used to overwrite data.

          To maximize impact on the target organization in operations where network-wide availability interruption is the goal, malware designed for destroying data may have worm-like features to propagate across a network by leveraging additional techniques like Valid Accounts, Credential Dumping, and Windows Admin Shares.

          Tags

          Tactic: Impact
          Platform: Linux, macOS, Windows
          Permissions Required: user, administrator, root, SYSTEM
          Data Sources: File monitoring, Process command-line parameters, Process monitoring
          Impact Type: Availability

          Mitigations

          Mitigation: Data Backup
          Description: Consider implementing IT disaster recovery plans that contain procedures for taking regular data backups that can be used to restore organizational data. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access and destroy the backups to prevent recovery.

          Detection

          Use process monitoring to monitor the execution and command-line parameters of binaries that could be involved in data destruction activity, such as SDelete (S0195). Monitor for the creation of suspicious files as well as unusually high file modification activity. In particular, look for large quantities of file modifications in user directories and under C:\Windows\System32\.
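          The two detection ideas above (command-line matching for wipe tools, and bursts of file modifications in user directories or under C:\Windows\System32\) can be sketched as follows. This is an added example, not code from ATT&CK or the translators; the event field names, the 60-second window and the threshold of 5 are assumptions, and the sample telemetry is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WATCHED = re.compile(r"^c:\\(users\\|windows\\system32\\)", re.I)
WIPER_CMD = re.compile(r"\bsdelete(64)?(\.exe)?\b", re.I)
WINDOW = timedelta(seconds=60)   # assumed burst window
THRESHOLD = 5                    # assumed; tune against a per-host baseline

def detect(events):
    """events: dicts with ts, host, pid, image, type, and cmdline or path (assumed schema).
    Returns (rule, host, pid, image) alerts, at most one per rule per process."""
    alerts, seen = [], set()
    recent = defaultdict(deque)  # (host, pid) -> timestamps of writes to watched paths
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        rule = None
        if ev["type"] == "process_create" and WIPER_CMD.search(ev["cmdline"]):
            rule = "wipe_tool_cmdline"
        elif ev["type"] in ("file_modify", "file_delete") and WATCHED.match(ev["path"]):
            q = recent[key]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > WINDOW:   # drop writes older than the window
                q.popleft()
            if len(q) >= THRESHOLD:
                rule = "file_modification_burst"
        if rule and (rule, key) not in seen:
            seen.add((rule, key))
            alerts.append((rule, ev["host"], ev["pid"], ev["image"]))
    return alerts

def sample_events():
    """Constructed telemetry: one SDelete launch, one write burst, one quiet editor."""
    t0 = datetime(2019, 11, 1, 9, 0, 0)
    evs = [{"ts": t0, "host": "ws01", "pid": 4100, "image": "sdelete64.exe",
            "type": "process_create", "cmdline": r"sdelete64.exe C:\Users\alice\old.docx"}]
    for i in range(8):   # 8 writes in 8 seconds from one process: a burst
        evs.append({"ts": t0 + timedelta(seconds=i), "host": "ws02", "pid": 2200,
                    "image": "updater.exe", "type": "file_modify",
                    "path": rf"C:\Users\bob\Documents\report{i}.docx"})
    for i in range(8):   # 8 writes spread over 35 minutes: ordinary editing
        evs.append({"ts": t0 + timedelta(minutes=5 * i), "host": "ws02", "pid": 3300,
                    "image": "winword.exe", "type": "file_modify",
                    "path": rf"C:\Users\bob\Documents\notes{i}.docx"})
    return evs

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

          Keying the sliding window on (host, pid) keeps slow, legitimate editing from accumulating toward the threshold, while a single process rewriting many files in seconds trips it.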
