CAPEC-669: Alteration of a Software Update
An adversary with access to an organization’s software update infrastructure inserts malware into the content of an outgoing update to fielded systems where a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts including granting the adversary control over the software’s normal functionality.
Overview
CAPEC-669 (Alteration of a Software Update) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1: Explore
[Identify software with frequent updates] The adversary must first identify a target software that is updated with at least some frequency, enough that an update infrastructure exists.
- Step 2: Experiment
[Gain access to update infrastructure] The adversary must then gain access to the organization's software update infrastructure. This can either be done by gaining remote access from outside the organization, or by having a malicious actor inside the organization gain access. It is often easier if someone within the organization gains access.
- Step 3: Exploit
[Alter the software update] Through access to the software update infrastructure, an adversary will alter the software update by injecting malware into the content of an outgoing update.
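The defender-side check that defeats the alteration in Step 3, as an added example that is not part of the CAPEC entry: a Go client verifies a delivered update against a manifest signed with an offline Ed25519 release key, so an adversary who only controls the update server cannot re-hash the files they changed. The Manifest type, PublishUpdate, VerifyUpdate and the sample files are assumptions constructed for this demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps each release file path to its hex SHA-256 digest. The publisher
// signs the manifest with an offline release key, so an adversary who can only
// reach the update server cannot re-hash the files they altered.
type Manifest map[string]string

// Canonical renders sorted entries so signer and client hash identical bytes.
func (m Manifest) Canonical() []byte {
	lines := make([]string, 0, len(m))
	for p, digest := range m {
		lines = append(lines, digest+"  "+p)
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n") + "\n")
}

// PublishUpdate (publisher side) hashes every file and signs the manifest.
func PublishUpdate(priv ed25519.PrivateKey, files map[string][]byte) (Manifest, []byte) {
	m := Manifest{}
	for p, data := range files {
		m[p] = fmt.Sprintf("%x", sha256.Sum256(data))
	}
	return m, ed25519.Sign(priv, m.Canonical())
}

// VerifyUpdate (client side) rejects any update whose signature or digests fail.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, m.Canonical(), sig) {
		return fmt.Errorf("manifest signature invalid: not signed by the release key")
	}
	if len(files) != len(m) {
		return fmt.Errorf("delivered file set differs from the signed manifest")
	}
	for p, want := range m {
		data, ok := files[p]
		if !ok || fmt.Sprintf("%x", sha256.Sum256(data)) != want {
			return fmt.Errorf("%s: missing or altered after signing", p)
		}
	}
	return nil
}
```

The key that signs must never live on the update infrastructure itself; otherwise the access described in Step 2 also yields a valid signature.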