Bootkit

Adversaries may use bootkits to persist on systems and evade detection. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.

ID: DE-0008
Sub-techniques: 
Related Aerospace Threat IDs: 
Related MITRE ATT&CK TTPs: T1542 | T1542.003
Tactic:
Created: 2022/12/08
Last Modified: 2022/12/08

Countermeasures

CM0021 Software Digital Signature
  Description: Prevent the installation of Flight Software without verification that the component has been digitally signed using a certificate that is recognized and approved by the mission.
  NIST Rev5: CM-11(3), CM-14, SA-10(1), SI-7, SI-7(12), SI-7(15)

CM0014 Secure boot
  Description: Software/Firmware must verify a trust chain that extends through the hardware root of trust, boot loader, boot configuration file, and operating system image, in that order. The trusted boot/RoT computing module should be implemented on radiation tolerant burn-in (non-programmable) equipment.
  NIST Rev5: SC-51, SI-7(9)
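The trust-chain check that CM0014 and CM0021 describe, as an added example that is not part of the SPARTA page or of any flight software: a root of trust holding only the mission's public key verifies the boot loader, the boot configuration and the OS image in that fixed order and halts at the first stage that fails. Ed25519 stands in for the mission's certificate-based signing, the stage names, seed bytes and image contents are constructed, and the Tamper helper only models an image that was rewritten without access to the signing key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// BootOrder is the fixed verification order from CM0014: the hardware root of
// trust checks the boot loader, then the boot configuration, then the OS
// image. A later stage is never examined before every earlier one has passed.
var BootOrder = []string{"boot-loader", "boot-config", "os-image"}

// Stage is one signed component of the chain: its name, image bytes and the
// signature produced with the mission's private key.
type Stage struct {
	Name  string
	Image []byte
	Sig   []byte
}

// stageDigest binds the stage name into the signed message so that a valid
// signature for one component cannot be replayed for a different one.
func stageDigest(name string, image []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0})
	h.Write(image)
	return h.Sum(nil)
}

// NewMissionKey derives a deterministic key pair from a constructed seed byte
// (a stand-in for the mission-approved certificate; a real key is never derived this way).
func NewMissionKey(seedByte byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := bytes.Repeat([]byte{seedByte}, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// SignStage is the build/release step on the ground: it signs an image with the
// mission's private key, which never leaves the ground segment.
func SignStage(priv ed25519.PrivateKey, name string, image []byte) Stage {
	return Stage{Name: name, Image: image, Sig: ed25519.Sign(priv, stageDigest(name, image))}
}

// VerifyChain models the root of trust. It holds only the mission's public key,
// walks BootOrder, and stops at the first stage that is missing, mislabelled or
// carries a signature the mission key does not accept. It returns the stages
// accepted so far and an error naming the stage at which boot was halted.
func VerifyChain(missionPub ed25519.PublicKey, stages map[string]Stage) ([]string, error) {
	accepted := []string{}
	for _, name := range BootOrder {
		st, ok := stages[name]
		if !ok {
			return accepted, fmt.Errorf("%s: stage missing, halting boot", name)
		}
		if st.Name != name {
			return accepted, fmt.Errorf("%s: stage label mismatch, halting boot", name)
		}
		if !ed25519.Verify(missionPub, stageDigest(name, st.Image), st.Sig) {
			return accepted, fmt.Errorf("%s: signature not valid under mission key, halting boot", name)
		}
		accepted = append(accepted, name)
	}
	return accepted, nil
}

// DemoStages builds a correctly signed three-stage chain from constructed images.
func DemoStages() (ed25519.PublicKey, map[string]Stage) {
	pub, priv := NewMissionKey(0x42)
	images := map[string][]byte{
		"boot-loader": []byte("constructed boot loader image v1"),
		"boot-config": []byte("constructed boot configuration: kernel=fsw.bin"),
		"os-image":    []byte("constructed operating system image v1"),
	}
	stages := make(map[string]Stage, len(images))
	for name, img := range images {
		stages[name] = SignStage(priv, name, img)
	}
	return pub, stages
}

// Tamper returns a copy of the chain in which one image has been rewritten but
// its old signature left in place, which is all that can be done without the key.
func Tamper(stages map[string]Stage, name string, newImage []byte) map[string]Stage {
	out := make(map[string]Stage, len(stages))
	for k, v := range stages {
		out[k] = v
	}
	st := out[name]
	st.Image = newImage
	out[name] = st
	return out
}

func main() {
	pub, stages := DemoStages()
	accepted, err := VerifyChain(pub, stages)
	fmt.Println("clean chain:", accepted, err)
	modified := Tamper(stages, "boot-loader", []byte("modified loader"))
	accepted, err = VerifyChain(pub, modified)
	fmt.Println("modified loader:", accepted, err)
}
```

The check stops at the first failing stage, so a modified loader is refused before the configuration or OS image is even examined; that is why the order in CM0014 matters, since a later stage cannot vouch for an earlier one that has already executed. A missing stage is treated the same as a bad signature rather than being skipped.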
