Threat DF.W.HPDADF.7

URI: DF.W.HPDADF.7

Package: DataLifecycle

< prev | next >

Description: Malware insertion in flow of Data to FlowsTo by Process to : if process Process is infected by self-propagating malware, it may insert the malware into the copy of Data sent to process FlowsTo.

Threat Type: Primary Threat

Matching Pattern:

DF.W.HPDADF.7
MP-HPDADF

Finds a Host running a Process that sends a Data Flow to a destination process, plus the associated Data and Data Access assets, and optionally the Process and Host managers.

        (empty)

        (empty)

CSG-SuspendInfectedProcess

Process Process may be temporarily disabled by the manager of its host HostManager to prevent it being exploited should it become infected by malware. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it may triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.

CSG-SuspendInfectedProcess-Implementation-Runtime

Process Process has been disabled by the manager of its host HostManager to prevent it being exploited after being infected by malware. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal user HostManager who is responsible for managing the device hosting Process. The Disabled Process control should be deselected only when the process has been restarted.