CAPEC-690: Metadata Spoofing
An adversary alters the metadata of a resource (e.g., file, directory, repository, etc.) to present a malicious resource as legitimate/credible.
Overview
One approach to this attack entails the adversary altering a maliciously modified resource's metadata in order to hide their malicious activity. Another approach involves altering the metadata of an adversary-created resource to make the source appear more credible. Adversaries may spoof a variety of metadata across a number of resources, such as the following:
- Authors of Version Control System (VCS) repository commits
- Open source package statistics
- File attributes, such as when a file was last updated
The ultimate goal of a Metadata Spoofing attack is to trick victims into believing the malicious resource being provided originates from a reputable source. However, the victim instead leverages the malicious resource, which could result in a number of negative technical impacts.
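A defender-side check for commit authorship, one of the metadata kinds named above, added here as an example and not taken from the CAPEC entry: Git's author field is set by the client and is not authenticated, so the check trusts a protected author identity only when the commit carries a good signature. The protected domain, the sample log lines and the function names are constructed, and it assumes the verifier's keyring holds only the maintainers' public keys.

```python
import subprocess

# Format for `git log`: commit hash, signature status (%G?), author email, committer email.
LOG_FORMAT = "%H%x09%G?%x09%ae%x09%ce"

# %G? values per git-log(1): G good, B bad, U good/unknown validity, X good/expired sig,
# Y good/expired key, R good/revoked key, E cannot be checked, N no signature.
TRUSTED_STATUS = {"G"}


def read_log(repo_path):
    """Run git in repo_path and return raw log text (needs git and the signers' public keys)."""
    return subprocess.run(
        ["git", "-C", repo_path, "log", f"--format={LOG_FORMAT}"],
        check=True, capture_output=True, text=True,
    ).stdout


def parse_log(text):
    """Turn tab-separated log lines into dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        records.append(dict(zip(("commit", "sig", "author", "committer"), parts)))
    return records


def flag_unverified(records, protected_domains):
    """Return commits that claim a protected author identity without a good signature."""
    findings = []
    for r in records:
        domain = r["author"].rsplit("@", 1)[-1].lower()
        if domain in protected_domains and r["sig"] not in TRUSTED_STATUS:
            findings.append((r["commit"], r["author"], r["sig"]))
    return findings


# Constructed sample output (hashes shortened, example.org is a placeholder domain).
SAMPLE_LOG = "\n".join([
    "a1b2c3d\tG\talice@example.org\talice@example.org",
    "d4e5f6a\tN\talice@example.org\tbuild@mirror.invalid",
    "0f9e8d7\tB\tbob@example.org\tbob@example.org",
    "7c6b5a4\tN\tcarol@contrib.invalid\tcarol@contrib.invalid",
])

if __name__ == "__main__":
    for commit, author, sig in flag_unverified(parse_log(SAMPLE_LOG), {"example.org"}):
        print(f"{commit}: author {author} not backed by a good signature (status {sig})")
```

For a real repository, pass the output of `read_log(path)` to `parse_log` in place of the sample text.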
What the attacker needs
Prerequisites
- Identification of a resource whose metadata is to be spoofed
Skills required
- Medium skill: Ability to spoof a variety of metadata to convince victims the source is trusted
Consequences
What a successful CAPEC-690 attack can achieve.
Modify Data
Affects: Integrity
Hide Activities
Affects: Accountability
Execute Unauthorized Commands
Affects: Access Control, Authorization
How to mitigate it
Defenses that reduce the risk of CAPEC-690.