Capec-669 Detail

Alteration of a Software Update

Abstraction: Standard
Domains of Attack: Social Engineering, Supply Chain, Software
Likelihood of Attack: Medium
Typical Severity: High

Parents: CAPEC-184 (Software Integrity Attack)

Description

An adversary with access to an organization's software update infrastructure inserts malware into the content of an outgoing update to fielded systems; because the update is installed with the trust and privileges of the legitimate software, a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts, including granting the adversary control over the software's normal functionality.


Taxonomy Mappings and References

External ID: CAPEC-669
Source: capec
Link: https://capec.mitre.org/data/definitions/669.html

External ID: T1195.002
Source: ATT&CK
Link: https://attack.mitre.org/wiki/Technique/T1195/002
Description: Supply Chain Compromise: Compromise Software Supply Chain

External ID: REF-658
Source: reference_from_CAPEC
Link: https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508_1.pdf
Description: Cybersecurity and Infrastructure Security Agency (CISA), Defending Against Software Supply Chain Attacks, April 2021

External ID: REF-659
Source: reference_from_CAPEC
Link: https://www.mitre.org/publications/technical-papers/deliver-uncompromised-securing-critical-software-supply-chains
Description: Dr. Charles Clancy, Joe Ferraro, Robert A. Martin, Adam G. Pennington, Christopher L. Sledjeski, Dr. Craig J. Wiener, Deliver Uncompromised: Securing Critical Software Supply Chains, The MITRE Corporation, January 2021

External ID: REF-660
Source: reference_from_CAPEC
Link: https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html
Description: Melinda Reed, John F. Miller, Paul Popick, Supply Chain Attack Patterns: Framework and Catalog, Office of the Assistant Secretary of Defense for Research and Engineering, August 2014
Explore
  1. Identify software with frequent updates: The adversary must first identify target software that is updated often enough for the vendor to operate a dedicated update infrastructure (build, signing and distribution systems) that can be targeted.

Experiment
  1. Gain access to update infrastructure: The adversary must then gain access to the organization's software update infrastructure. This can be done either by gaining remote access from outside the organization, or by having a malicious actor inside the organization (or one of its subcontractors) obtain access. It is often easier if someone within the organization gains access.

Exploit
  1. Alter the software update: Through access to the software update infrastructure, an adversary will alter the software update by injecting malware into the content of an outgoing update.
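The following is an added example, not code from CAPEC or from any vendor's update system, that shows concretely why the access level described in the Description and the Experiment/Exploit steps matters. It models a minimal signed-update scheme (manifest = version plus SHA-256 of the payload, Ed25519 signature over the manifest; this format, the fixed vendor key and the sample payload are all constructed for the example) and runs the client-side check against three cases: the legitimate update, an update altered on the distribution server by an adversary without the signing key, and an update altered by an adversary who has penetrated the signing side and re-signs it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Update is a signed release as an update server would publish it. The
// format (manifest = "version\nsha256hex(payload)\n", Ed25519 signature over
// the manifest) is constructed for this example and is not any real vendor's.
type Update struct {
	Version   string
	Payload   []byte // the binary fielded systems will install
	Manifest  []byte // what the signature actually covers
	Signature []byte
}

// manifestFor binds a version string to the SHA-256 digest of the payload.
func manifestFor(version string, payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return []byte(version + "\n" + hex.EncodeToString(sum[:]) + "\n")
}

// Publish is the vendor's release step: build the manifest and sign it.
func Publish(signer ed25519.PrivateKey, version string, payload []byte) Update {
	m := manifestFor(version, payload)
	return Update{Version: version, Payload: payload, Manifest: m, Signature: ed25519.Sign(signer, m)}
}

// Verify is the check a fielded system runs before installing. Both steps are
// required: the signature covers only the manifest, so the payload must be
// separately checked against the digest the manifest commits to.
func Verify(vendorPub ed25519.PublicKey, u Update) error {
	if !ed25519.Verify(vendorPub, u.Manifest, u.Signature) {
		return errors.New("manifest signature does not verify under the pinned vendor key")
	}
	if !bytes.Equal(u.Manifest, manifestFor(u.Version, u.Payload)) {
		return errors.New("payload digest does not match the signed manifest")
	}
	return nil
}

// Tamper models an adversary who can write to the distribution server but
// does not hold the signing key: the payload is modified, manifest and
// signature are left exactly as published.
func Tamper(u Update, implant []byte) Update {
	t := u
	t.Payload = append(append([]byte{}, u.Payload...), implant...)
	return t
}

// TamperAndResign models the CAPEC-669 prerequisite: the adversary has
// penetrated the release/configuration-management side and can sign with the
// vendor key, so the altered update is indistinguishable to the client.
func TamperAndResign(signer ed25519.PrivateKey, u Update, implant []byte) Update {
	return Publish(signer, u.Version, Tamper(u, implant).Payload)
}

// Demo builds the three cases from constructed sample data and a fixed,
// hypothetical vendor key (fixed seed so the example is reproducible).
func Demo() (ed25519.PublicKey, Update, Update, Update) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // NOT a real key
	signer := ed25519.NewKeyFromSeed(seed)
	pub := signer.Public().(ed25519.PublicKey)

	payload := []byte("agent-binary v2.3.1 (constructed sample payload)")
	implant := []byte("\x00BACKDOOR") // constructed stand-in for injected malware
	legit := Publish(signer, "2.3.1", payload)
	tampered := Tamper(legit, implant)
	resigned := TamperAndResign(signer, legit, implant)
	return pub, legit, tampered, resigned
}

func main() {
	pub, legit, tampered, resigned := Demo()
	cases := []struct {
		name string
		u    Update
	}{
		{"legitimate", legit},
		{"tampered, original signature", tampered},
		{"tampered and re-signed", resigned},
	}
	for _, c := range cases {
		fmt.Printf("%-30s -> %v\n", c.name, Verify(pub, c.u))
	}
}
```

The second case is caught by an ordinary signed-update check, which is why the pattern requires access to the update infrastructure itself rather than merely to a mirror or CDN: in the third case the client check passes, so detection has to happen upstream of the signature (protecting and isolating the signing key, and being able to tie the signed artifact back to the reviewed source that was supposed to produce it).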

Prerequisites

  1. An adversary would need to have penetrated an organization's software update infrastructure, including gaining access to components supporting the configuration management of software versions and updates related to the software maintenance of customer systems.


Skills Required

High: Skills required include the ability to infiltrate the organization's software update infrastructure, either from the Internet or from within the organization (including subcontractors), and to change the software being delivered to customer/user systems in an undetected manner.

Consequences

Scope: Integrity, Authorization, Access Control, Confidentiality
Technical Impact: Modify Data, Execute Unauthorized Commands, Gain Privileges, Read Data

Example Instances

  1. A subcontractor to a software developer injects maliciously altered software updates into an automated update process that distributes software containing a hidden backdoor to government and commercial customers.