An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. When this happens, the contaminated information system, device, or network must be brought offline to investigate and mitigate the data spill, which denies availability of the system until the investigation is complete.
| Field | Value |
|---|---|
| ID | CAPEC-548 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 548 |
| Abstraction | Meta |
| Status | Draft |
| Alternate Terms | Data Spill: when information is handled by an information system of a classification/sensitivity that the system has not been authorized to handle. |
| Likelihood Of Attack | Low |
| Typical Severity | High |
| Related Attack Patterns | CanPrecede: CAPEC-607 |
| Execution Flow | |
| Prerequisites | The adversary needs to have real or fake classified/sensitive information to place on a system. |
| Skills Required | Knowledge of classification levels of systems (Level: Low); the ability to obtain a classified document or information (Level: High); the ability to fake a classified document (Level: Low). |
| Resources Required | |
| Indicators | |
| Consequences | Availability: Resource Consumption (Denial of Service). Confidentiality: Read Data (victims of the attack can be exposed to classified materials). |
| Mitigations | Properly safeguard classified/sensitive data. This includes training cleared individuals to ensure they handle and dispose of this data properly, as well as ensuring systems only handle information of the classification level they are designed for. Design systems with redundancy in mind; this could mean creating backup servers that can be switched over to in the event that a server has to be taken down for investigation. Have a planned and efficient response plan to limit the amount of time a system is offline while the contamination is investigated. |
| Example Instances | An insider threat was able to obtain a classified document. They know that a backend server which provides access to a website also runs a mail server. The adversary creates a throwaway email address and sends the classified document to the mail server. When an administrator checks the mail server, they notice that it has processed an email containing a classified document, and the server has to be taken offline while they investigate the contamination. In the meantime, the website has to be taken down as well, and access to the website is denied until the backend can be migrated to another server or the investigation is complete. |
| Related Weaknesses | |
| Taxonomy Mappings | |
| Notes | |