CAPEC-690: Metadata Spoofing

An adversary alters the metadata of a resource (e.g., file, directory, repository, etc.) to present a malicious resource as legitimate/credible.

High

Typical severity

Per MITRE

Medium

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Overview

One approach to this attack entails the adversary altering a maliciously modified resource's metadata in order to hide their malicious activity. Another approach involves altering the metadata of an adversary-created resource to make the source appear more credible. Adversaries may spoof a variety of metadata across a number of resources, such as the following: Authors of Version Control System (VCS) repository commits Open source package statistics File attributes, such as when a file was last update The ultimate goal of a Metadata Spoofing attack is to trick victims into believing the malicious resource being provided originates from a reputable source. However, the victim instead leverages the malicious resource, which could result in a number of negative technical impacts.

CAPEC-690: Metadata Spoofing

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Frequently asked questions

What is CAPEC-690?

How do you prevent CAPEC-690?

How severe is CAPEC-690?

References

Defend against CAPEC-690

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Related attack patterns

Child

Frequently asked questions

What is CAPEC-690?

How do you prevent CAPEC-690?

How severe is CAPEC-690?

References

Defend against CAPEC-690