ByteOS Network

CAPEC-184:Software Integrity Attack

Attack Pattern ID:184

Version:v3.9

Attack Pattern Name:Software Integrity Attack

Abstraction:Meta

Status:Draft

Typical Severity:Low

Details Content History Related Weaknesses Reports

▼Description

An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.

▼Relationships

Nature	Type	ID	Name
ParentOf	S	185	Malicious Software Download
ParentOf	S	186	Malicious Software Update
ParentOf	S	663	Exploitation of Transient Instruction Execution
ParentOf	S	669	Alteration of a Software Update
CanFollow	S	691	Spoof Open-Source Software Metadata

Nature: ParentOf

Type: Standard

ID: 185

Name: Malicious Software Download

Nature: ParentOf

Type: Standard

ID: 186

Name: Malicious Software Update

Nature: ParentOf

Type: Standard

ID: 663

Name: Exploitation of Transient Instruction Execution

Nature: ParentOf

Type: Standard

ID: 669

Name: Alteration of a Software Update

Nature: CanFollow

Type: Standard

ID: 691

Name: Spoof Open-Source Software Metadata

▼Skills Required

Medium

Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.

▼Resources Required

Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors.

▼Related Weaknesses

ID	Name
CWE-494	Download of Code Without Integrity Check

ID: CWE-494

Name: Download of Code Without Integrity Check