Firmware Corruption

Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot.[1] Firmware is software that is loaded and executed from non-volatile memory on hardware devices in order to initialize and manage device functionality. These devices could include the motherboard, hard drive, or video cards.

ID: T1495
Tactic: Impact
Platform: Linux, macOS, Windows
Permissions Required: Administrator, root, SYSTEM
Data Sources: BIOS, Component firmware
Impact Type: Availability
Version: 1.0

Mitigations

Mitigation Description
Boot Integrity Check the integrity of the existing BIOS and device firmware to determine if it is vulnerable to modification.
Privileged Account Management Prevent adversary access to privileged accounts or access necessary to replace system firmware.
Update Software Patch the BIOS and other firmware as necessary to prevent successful use of known vulnerabilities.

Detection

System firmware manipulation may be detected.[2] Log attempts to read/write to BIOS and compare against known patching behavior.

References