Home > CAPEC List > CAPEC-530: Provide Counterfeit Component (Version 2.9)  

CAPEC-530: Provide Counterfeit Component

 
Provide Counterfeit Component
Definition in a New Window Definition in a New Window
Attack Pattern ID: 530
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which is then built into the system being upgraded or repaired by the victim, allowing the attacker to cause disruption or additional compromise.

+ Attack Prerequisites
  • Advanced knowledge about the target system and sub-components.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Low

The nature of these type of attacks involve a coordinated effort between well-funded multiple attackers, and sometimes require physical access to successfully complete an attack. As a result these types of attacks are not launched on a large scale against any potential victim, but are typically highly targeted against victims who are often targeted and may have rather sophisticated cyber defenses already in place.

+ Examples-Instances

Description

The attacker, aware that the victim has contracted with an integrator for system maintenance and that the integrator uses commercial-off-the-shelf network hubs, develops their own network hubs with a built-in malicious capability for remote access, the malicious network hubs appear to be a well-known brand of network hub but are not. The attacker then advertises to the sub-system integrator that they are a legit supplier of network hubs, and offers them at a reduced price to entice the integrator to purchase these network hubs. The integrator then installs the attacker's hubs at the victim's location, allowing the attacker to remotely compromise the victim's network.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

Able to develop and manufacture malicious system components that resemble legitimate name-brand components.

+ References
[R.530.1] [REF-50] John F. Miller. "Supply Chain Attack Framework and Attack Patterns". The MITRE Corporation. 2013. <http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Related_Attack_Patterns, Typical_Likelihood_of_ExploitInternal
Previous Entry Names
DatePrevious Entry Name
2015-11-09Counterfeit Component Supplied

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015