CAPEC-690: Metadata Spoofing
An adversary alters the metadata of a resource (e.g., file, directory, repository, etc.) to present a malicious resource as legitimate/credible.
Last updated
Overview
One approach to this attack entails the adversary altering a maliciously modified resource's metadata in order to hide their malicious activity. Another approach involves altering the metadata of an adversary-created resource to make the source appear more credible. Adversaries may spoof a variety of metadata across a number of resources, such as the following: Authors of Version Control System (VCS) repository commits Open source package statistics File attributes, such as when a file was last update The ultimate goal of a Metadata Spoofing attack is to trick victims into believing the malicious resource being provided originates from a reputable source. However, the victim instead leverages the malicious resource, which could result in a number of negative technical impacts.
What the attacker needs
Prerequisites
- Identification of a resource whose metadata is to be spoofed
Skills required
- Medium skill: Ability to spoof a variety of metadata to convince victims the source is trusted
Consequences
What a successful CAPEC-690 attack can achieve.
Modify Data
Affects: Integrity
Hide Activities
Affects: Accountability
Execute Unauthorized Commands
Affects: Access Control, Authorization
How to mitigate it
Defenses that reduce the risk of CAPEC-690.
- Validate metadata of resources such as authors, timestamps, and statistics.
- Confirm the pedigree of open source packages and ensure the code being downloaded does not originate from another source.
- Even if the metadata is properly checked and a user believes it to be legitimate, there may still be a chance that they've been duped. Therefore, leverage automated testing techniques to determine where malicious areas of the code may exist.
Frequently asked questions
Common questions about CAPEC-690.
- What is CAPEC-690?
- An adversary alters the metadata of a resource (e.g., file, directory, repository, etc.) to present a malicious resource as legitimate/credible.
- How do you prevent CAPEC-690?
- Validate metadata of resources such as authors, timestamps, and statistics.
- How severe is CAPEC-690?
- MITRE rates CAPEC-690 as High severity with medium likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-690
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.