Add an attack step on the User to represent the attacker's attempts to supply malicious removable media drives that unsuspecting and security unaware users may plug into their work systems.
For situations where the firmware is modified on removable drives that legitimately are used within the organisation the hardware supply chain logic should be used instead.
Add an attack step on the User to represent the attacker's attempts to supply malicious removable media drives that unsuspecting and security unaware users may plug into their work systems.
https://attack.mitre.org/techniques/T1091/
@skatsikeas This is a relatively simple change that just needs your quick review and I will merge it in.