Closed andrewbwm closed 2 years ago
This topic is tangentially related to the concept of delivering malicious removable media (or similar devices containing pernicious code). The vectors are not necessarily related, but the behaviour we may wish to model is similar.
Currently, delivering malicious removable media via the user does not actually give the attacker any significant impact on the applications, since it does not trigger any connect (local or network). For both of these situations (ransomware and malicious removable media) we may want to allow the attacker to at least deny the application; the important limitation is that the attacker shouldn't be allowed to read data unless they're able to obtain reverse reach eventually.
A first implementation of this concept was introduced in #65 (62098aa5569c1b27eab36795314774b6d3e1fe7b). The idea is that an attacker is still able to perform malicious actions via unsafe user actions even in the circumstances where the user cannot reach the attacker (no reverse reachability). However, this requires much more effort from the attacker, as it is assumed that reconnaissance must be performed in advance or the code must be much more complex in order to operate autonomously in an unknown environment.
@joarjox brought up the topic of ransomware attacks and how we wish to model them.
This is also related to the T1486: Data Encrypted for Impact MITRE technique.
The question is broadly related to the impact an unsafe user action should have when there is no connectivity to the attacker.
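To make the constraint discussed above concrete, here is an added illustrative attack-graph propagation model. It is example code written for this discussion, not coreLang or MAL code, and the step names (`attacker.start`, `user.unsafeUserAction`, `application.deliverMaliciousRemovableMedia`, `application.reverseReach`, `application.deny`, `application.read`) are assumptions for the example. It shows the intended asymmetry: an unsafe user action alone lets the attacker reach `deny`, while `read` is an AND step that also requires `reverseReach`.

```python
"""Toy OR/AND attack-step propagation (hypothetical model, not coreLang/MAL).

Step kinds:
  "or"  - compromised once any parent step is compromised
  "and" - compromised only once every parent step is compromised
"""
from collections import defaultdict

# Assumed step names for this example; they are not the project's own.
STEPS = {
    "attacker.start": "or",
    "user.unsafeUserAction": "or",
    "application.deliverMaliciousRemovableMedia": "or",
    "application.reverseReach": "or",
    "application.deny": "or",   # denial is allowed without reverse reach
    "application.read": "and",  # reading data also needs reverse reach
}

# Directed edges parent -> child, i.e. which compromised step enables which.
EDGES = [
    ("attacker.start", "user.unsafeUserAction"),
    ("user.unsafeUserAction", "application.deliverMaliciousRemovableMedia"),
    ("application.deliverMaliciousRemovableMedia", "application.deny"),
    ("application.deliverMaliciousRemovableMedia", "application.read"),
    ("application.reverseReach", "application.read"),
]


def compromised(entry_points, steps=STEPS, edges=EDGES):
    """Fixpoint of attack steps reachable from the given entry points."""
    parents = defaultdict(set)
    children = defaultdict(set)
    for src, dst in edges:
        parents[dst].add(src)
        children[src].add(dst)

    reached = set(entry_points)
    frontier = list(reached)
    while frontier:
        step = frontier.pop()
        for child in children[step]:
            if child in reached:
                continue
            # OR steps open on the first compromised parent; AND steps wait
            # until every parent is compromised.
            if steps[child] == "or" or parents[child] <= reached:
                reached.add(child)
                frontier.append(child)
    return reached


def impact(reverse_reach_obtained):
    """Return (can_deny, can_read) for an attacker who only has the unsafe
    user action, optionally with reverse reachability as well."""
    entry = {"attacker.start"}
    if reverse_reach_obtained:
        entry.add("application.reverseReach")
    reached = compromised(entry)
    return ("application.deny" in reached, "application.read" in reached)


if __name__ == "__main__":
    print("no reverse reach  (deny, read):", impact(False))
    print("with reverse reach (deny, read):", impact(True))
```

Without reverse reachability the attacker reaches `deny` but not `read`; once `reverseReach` is also obtained, the AND step opens and `read` becomes reachable. Swapping `application.read` to an OR step would collapse the distinction, which is exactly the modelling mistake the issue wants to avoid.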