Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-670:Software Development Tools Maliciously Altered
Attack Pattern ID:670
Version:v3.9
Attack Pattern Name:Software Development Tools Maliciously Altered
Abstraction:Detailed
Status:Draft
Likelihood of Attack:Low
Typical Severity:High
DetailsContent HistoryRelated WeaknessesReports
▼Description
An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ChildOfS444Development Alteration
CanPrecedeS669Alteration of a Software Update
Nature: ChildOf
Type: Standard
ID: 444
Name: Development Alteration
Nature: CanPrecede
Type: Standard
ID: 669
Name: Alteration of a Software Update
▼Execution Flow
▼Prerequisites
An adversary would need to have access to a targeted developer’s development environment and in particular to tools used to design, create, test and manage software, where the adversary could ensure malicious code is included in software packages built through alteration or substitution of tools in the environment used in the development of software.
▼Skills Required
High

Ability to leverage common delivery mechanisms (e.g., email attachments, removable media) to infiltrate a development environment to gain access to software development tools for the purpose of malware insertion into an existing tool or replacement of an existing tool with a maliciously altered copy.

▼Resources Required
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
IntegrityN/AExecute Unauthorized CommandsN/A
Access ControlN/AGain PrivilegesN/A
ConfidentialityN/AModify DataRead DataN/A
Scope: Integrity
Likelihood: N/A
Impact: Execute Unauthorized Commands
Note: N/A
Scope: Access Control
Likelihood: N/A
Impact: Gain Privileges
Note: N/A
Scope: Confidentiality
Likelihood: N/A
Impact: Modify Data, Read Data
Note: N/A
▼Mitigations
Have a security concept of operations (CONOPS) for the development environment that includes: Maintaining strict security administration and configuration management of requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools.
Avoid giving elevated privileges to developers.
▼Example Instances
▼Related Weaknesses
IDName
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
ATTACK1127Trusted Developer Utilities Proxy Execution
ATTACK1195.001Supply Chain Compromise: Compromise Software Dependencies and Development Tools
Taxonomy Name: ATTACK
Entry ID: 1127
Entry Name: Trusted Developer Utilities Proxy Execution
Taxonomy Name: ATTACK
Entry ID: 1195.001
Entry Name: Supply Chain Compromise: Compromise Software Dependencies and Development Tools
▼Notes
▼References
Reference ID: REF-439
Title: Supply Chain Attack Framework and Attack Patterns
Author: John F. Miller
Publication:
Publisher:The MITRE Corporation
Edition:
URL:http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf
URL Date:
Day:N/A
Month:N/A
Year:2013
Reference ID: REF-660
Title: Supply Chain Attack Patterns: Framework and Catalog
Author: Melinda Reed, John F. Miller, Paul Popick
Publication:
Publisher:Office of the Assistant Secretary of Defense for Research and Engineering
Edition:
URL:https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html
URL Date:2021-06-22
Day:N/A
Month:08
Year:2014
Reference ID: REF-667
Title: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
Author:
Publication:
Publisher:Schneier on Security
Edition:
URL:https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
URL Date:2021-06-24
Day:13
Month:12
Year:2020
Details not found