New to CAPEC? Start Here
Home > CAPEC List > CAPEC-669: Alteration of a Software Update (Version 3.9)  

CAPEC-669: Alteration of a Software Update

Attack Pattern ID: 669
Abstraction: Standard
View customized information:
+ Description

An adversary with access to an organization’s software update infrastructure inserts malware into the content of an outgoing update to fielded systems where a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts including granting the adversary control over the software’s normal functionality.

+ Likelihood Of Attack

Medium

+ Typical Severity

High

+ Relationships
Section HelpThis table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
NatureTypeIDName
ChildOfMeta Attack PatternMeta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.184Software Integrity Attack
CanFollowDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.670Software Development Tools Maliciously Altered
CanPrecedeDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.673Developer Signing Maliciously Altered Software
Section HelpThis table shows the views that this attack pattern belongs to and top level categories within that view.
+ Execution Flow
Explore
  1. Identify software with frequent updates: The adversary must first identify a target software that has updates at least with some frequency, enough that there is am update infrastructure.

Experiment
  1. Gain access to udpate infrastructure: The adversary must then gain access to the organization's software update infrastructure. This can either be done by gaining remote access from outside the organization, or by having a malicious actor inside the organization gain access. It is often easier if someone within the organization gains access.

Exploit
  1. Alter the software update: Through access to the software update infrastructure, an adversary will alter the software update by injecting malware into the content of an outgoing update.

+ Prerequisites
An adversary would need to have penetrated an organization’s software update infrastructure including gaining access to components supporting the configuration management of software versions and updates related to the software maintenance of customer systems.
+ Skills Required
[Level: High]
Skills required include the ability to infiltrate the organization’s software update infrastructure either from the Internet or from within the organization, including subcontractors, and be able to change software being delivered to customer/user systems in an undetected manner.
+ Consequences
Section HelpThis table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
ScopeImpactLikelihood
Access Control
Gain Privileges
Authorization
Execute Unauthorized Commands
Integrity
Modify Data
Confidentiality
Read Data
+ Mitigations
Have a Software Assurance Plan that includes maintaining strict configuration management control of source code, object code and software development, build and distribution tools; manual code reviews and static code analysis for developmental software; and tracking of all storage and movement of code.
Require elevated privileges for distribution of software and software updates.
+ Example Instances

A subcontractor to a software developer injects maliciously altered software updates into an automated update process that distributes to government and commercial customers software containing a hidden backdoor.

+ Taxonomy Mappings
Section HelpCAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.
Relevant to the ATT&CK taxonomy mapping
Entry IDEntry Name
1195.002Supply Chain Compromise: Compromise Software Supply Chain
+ References
[REF-658] "Defending Against Software Supply Chain Attacks". Cybersecurity and Infrastructure Security Agency (CISA). 2021-04. <https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508_1.pdf>. URL validated: 2021-06-22.
[REF-659] Dr. Charles Clancy, Joe Ferraro, Robert A. Martin, Adam G. Pennington, Christopher L. Sledjeski and Dr. Craig J. Wiener. "Deliver Uncompromised: Securing Critical Software Supply Chains". The MITRE Corporation. 2021-01. <https://www.mitre.org/publications/technical-papers/deliver-uncompromised-securing-critical-software-supply-chains>. URL validated: 2021-06-22.
[REF-660] Melinda Reed, John F. Miller and Paul Popick. "Supply Chain Attack Patterns: Framework and Catalog". Office of the Assistant Secretary of Defense for Research and Engineering. 2014-08. <https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html>. URL validated: 2021-06-22.
+ Content History
Submissions
Submission DateSubmitterOrganization
2021-06-24
(Version 3.5)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2021-10-21
(Version 3.6)
CAPEC Content TeamThe MITRE Corporation
Updated Execution_Flow
2022-09-29
(Version 3.8)
CAPEC Content TeamThe MITRE Corporation
Updated Taxonomy_Mappings
More information is available — Please select a different filter.
Page Last Updated or Reviewed: June 24, 2021