CAPEC-669:Alteration of a Software Update
Attack Pattern ID:669
Version:v3.9
Attack Pattern Name:Alteration of a Software Update
Abstraction:Standard
Status:Draft
Likelihood of Attack:Medium
Typical Severity:High
▼Description

An adversary with access to an organization’s software update infrastructure inserts malware into the content of an outgoing update to fielded systems where a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts including granting the adversary control over the software’s normal functionality.

▼Extended Description
▼Alternate Terms
▼Relationships
Nature      Type      ID   Name
ChildOf     Meta      184  Software Integrity Attack
CanFollow   Detailed  670  Software Development Tools Maliciously Altered
CanPrecede  Detailed  673  Developer Signing Maliciously Altered Software
▼Execution Flow
Explore
1. Identify software with frequent updates
The adversary must first identify a target software that has updates at least with some frequency, enough that there is an update infrastructure.
Experiment
1. Gain access to update infrastructure
The adversary must then gain access to the organization's software update infrastructure. This can either be done by gaining remote access from outside the organization, or by having a malicious actor inside the organization gain access. It is often easier if someone within the organization gains access.
Exploit
1. Alter the software update
Through access to the software update infrastructure, an adversary will alter the software update by injecting malware into the content of an outgoing update.
▼Prerequisites
An adversary would need to have penetrated an organization’s software update infrastructure including gaining access to components supporting the configuration management of software versions and updates related to the software maintenance of customer systems.
▼Skills Required
High

Skills required include the ability to infiltrate the organization’s software update infrastructure either from the Internet or from within the organization, including subcontractors, and be able to change software being delivered to customer/user systems in an undetected manner.

▼Resources Required
▼Indicators
▼Consequences
Scope            Likelihood  Impact                        Note
Access Control   N/A         Gain Privileges               N/A
Authorization    N/A         Execute Unauthorized Commands N/A
Integrity        N/A         Modify Data                   N/A
Confidentiality  N/A         Read Data                     N/A
▼Mitigations
Have a Software Assurance Plan that includes maintaining strict configuration management control of source code, object code and software development, build and distribution tools; manual code reviews and static code analysis for developmental software; and tracking of all storage and movement of code.
Require elevated privileges for distribution of software and software updates.
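The "tracking of all storage and movement of code" mitigation above can be enforced as an integrity gate: the hashes recorded at build time are kept apart from the distribution server, and the bundle about to go out is compared against them so an update altered between build and distribution is caught before release. This is an added example, not CAPEC or ByteOS code; the artifact names, bytes and record format are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, List

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_build(artifacts: Dict[str, bytes]) -> Dict[str, dict]:
    """Build-stage record: name, size and SHA-256 of every artifact produced
    by the reviewed build. Store this record under separate configuration
    management control, not on the distribution server it will be checked against."""
    return {name: {"size": len(data), "sha256": sha256_hex(data)}
            for name, data in artifacts.items()}

def check_outgoing_update(record: Dict[str, dict],
                          outgoing: Dict[str, bytes]) -> List[str]:
    """Compare the bundle about to be distributed with the build record.
    Returns findings; an empty list means nothing was altered, dropped or
    added between build and distribution."""
    findings = []
    for name, expected in record.items():
        if name not in outgoing:
            findings.append(f"missing: {name} was built but is not in the update")
            continue
        data = outgoing[name]
        if len(data) != expected["size"] or not hmac.compare_digest(
                sha256_hex(data), expected["sha256"]):
            findings.append(f"altered: {name} differs from the build record")
    for name in outgoing:
        if name not in record:
            findings.append(f"unexpected: {name} was never produced by the build")
    return findings

def demo() -> List[str]:
    # Constructed artifacts standing in for a real update bundle.
    built = {
        "agent-2.4.1.bin": b"\x7fELF" + bytes(range(64)),
        "release-notes.txt": b"2.4.1: fixes and performance improvements\n",
    }
    record = record_build(built)
    # Constructed post-build alteration: the binary is changed and an extra
    # file appears in the outgoing bundle; the release notes are untouched.
    outgoing = dict(built)
    outgoing["agent-2.4.1.bin"] = built["agent-2.4.1.bin"] + b"\x00\x00"
    outgoing["helper.dll"] = b"MZ" + bytes(32)
    return check_outgoing_update(record, outgoing)

if __name__ == "__main__":
    for line in demo() or ["ok: outgoing update matches the build record"]:
        print(line)
```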
▼Example Instances
▼Related Weaknesses
▼Taxonomy Mappings
Taxonomy Name  Entry ID  Entry Name
ATTACK         1195.002  Supply Chain Compromise: Compromise Software Supply Chain
▼Notes
▼References