CAPEC-669: Alteration of a Software Update

Description

<p>An adversary with access to an organization’s software update infrastructure inserts malware into the content of an outgoing update to fielded systems where a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts including granting the adversary control over the software’s normal functionality.<p>

Extended Description

This attack first requires the adversary to trick the victim into installing a Trojan Horse application on their system, such as a malicious web browser plugin, which the adversary then leverages to mount the attack. The victim interacts with a web application, such as a banking website, in a normal manner and under the assumption that the connection is secure. However, the adversary can now alter and/or reroute traffic between the client application (e.g., web browser) and the coinciding endpoint, while simultaneously displaying intended transactions and data back to the user. The adversary may also be able to glean cookies, HTTP sessions, and SSL client certificates, which can be used to pivot into an authenticated intranet. Identifying AITB is often difficult because these attacks are successful even when security mechanisms such as SSL/PKI and multifactor authentication are present, since they still function as intended during the attack.

Severity :

High

Possibility :

Medium

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-184: Software Integrity Attack Software Integrity Attack CAPEC-670: Software Development Tools Maliciously Altered Software Development Tools Maliciously Altered CAPEC-673: Developer Signing Maliciously Altered Software Developer Signing Maliciously Altered Software

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

An adversary would need to have penetrated an organization’s software update infrastructure including gaining access to components supporting the configuration management of software versions and updates related to the software maintenance of customer systems.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

High Skills required include the ability to infiltrate the organization’s software update infrastructure either from the Internet or from within the organization, including subcontractors, and be able to change software being delivered to customer/user systems in an undetected manner.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Supply Chain Compromise: Compromise Software Supply Chain

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.