CAPEC-536: Data Injected During Configuration
An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibration, causing the victim's system to perform in a suboptimal manner that benefits the adversary.
Overview
CAPEC-536 (Data Injected During Configuration) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1: Explore
  [Determine configuration process] The adversary, through a previously compromised system, either remotely or physically, determines what the configuration process is. They look at configuration files, data files, and running processes on the system to identify areas where they could inject malicious data.
- Step 2: Explore
  [Determine when configuration occurs] The adversary needs to then determine when configuration or recalibration of a system occurs so they know when to inject malicious data.
  - Look for a weekly update cycle or repeated update schedule.
  - Insert a malicious process into the target system that notifies the adversary when configuration is occurring.
- Step 3: Experiment
  [Determine malicious data to inject] By looking at the configuration process, the adversary needs to determine what malicious data they want to insert and where to insert it.