Name | Malicious Software Update |
Likelihood of attack | High |
Typical severity | High |
|
Summary | An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an adversary controlled source. |
Prerequisites |
|
Execution Flow |
Step | Phase | Description | Techniques |
1 | Explore | [Identify target] The adversary must first identify what they want their target to be. Because malicious software updates can be carried out in a variety of ways, the adversary will first identify not only a target program but also which users they wish to target. This attack can be targeted (a particular user or group of users) or untargeted (many different users). | |
2 | Experiment | [Craft a deployment mechanism based on the target] The adversary must craft a deployment mechanism to deploy the malicious software update. This mechanism will differ based on whether the attack is targeted or untargeted. | See techniques below |
- Targeted attack: hosting what appears to be a software update, then harvesting actual email addresses for an organization, or generating commonly used email addresses, and then sending spam, phishing, or spear-phishing emails to the organization's users requesting that they manually download and install the malicious software update.
- Targeted attack: Instant Messaging virus payload, which harvests the names from a user's contact list and sends instant messages to those users to download and apply the update.
- Untargeted attack: Spam the malicious update to as many users as possible through unsolicited email, instant messages, or social media messages.
- Untargeted attack: Send phishing emails to as many users as possible and pretend to be a legitimate source suggesting that they download an important software update.
- Untargeted attack: Use trojans/botnets to aid in either of the two untargeted attacks.
3 | Exploit | [Deploy malicious software update] Using the deployment mechanism from the previous step, the adversary gets a user to install the malicious software update. | |
|
Solutions | Validate software updates before installing. |
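One way to implement the integrity check this solution calls for (and whose absence CWE-494 describes) is to ship a pinned publisher key inside the updater and verify a signed manifest before anything is installed. The Go program below is an added example, not part of this CAPEC entry; the manifest layout, the function names and the update payloads are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a constructed, minimal update-manifest format: the publisher
// signs the SHA-256 digest of the update payload with its Ed25519 key.
type Manifest struct {
	Digest    [32]byte // SHA-256 of the update payload
	Signature []byte   // Ed25519 signature over Digest[:]
}

var (
	ErrBadSignature = errors.New("manifest not signed by pinned publisher key: refusing to install")
	ErrBadDigest    = errors.New("payload does not match signed digest: refusing to install")
)

// VerifyUpdate accepts an update only if the manifest verifies under the key
// pinned in the updater binary AND the downloaded payload matches the signed
// digest. The pinned key is compiled in; it must never be fetched from the
// same server that serves the update, or the check verifies nothing.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinned, m.Digest[:], m.Signature) {
		return ErrBadSignature
	}
	if sha256.Sum256(payload) != m.Digest {
		return ErrBadDigest
	}
	return nil
}

// SignUpdate is the publisher side; it is included only so the example runs offline.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) Manifest {
	d := sha256.Sum256(payload)
	return Manifest{Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	genuine := []byte("constructed update payload v1.2.3")
	m := SignUpdate(priv, genuine)
	fmt.Println("genuine update:", VerifyUpdate(pub, m, genuine))

	// A substituted payload fails the digest; a manifest signed with any key
	// other than the pinned one fails the signature check.
	tampered := []byte("constructed update payload v1.2.3 with implant")
	fmt.Println("tampered payload:", VerifyUpdate(pub, m, tampered))
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	fmt.Println("foreign manifest:", VerifyUpdate(pub, SignUpdate(otherPriv, tampered), tampered))
}
```

This check defeats substitution of the update in transit or on a mirror; it does not help when the publisher's own signing key or build pipeline is compromised, which is the case the ATT&CK mapping below (1195.002) covers, so the signing key needs its own protection and audit trail.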
Related Weaknesses |
CWE ID | Description |
CWE-494 | Download of Code Without Integrity Check |
|
Related CAPECs |
CAPEC ID | Description |
CAPEC-98 | Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or "fishing" for information. |
CAPEC-184 | An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, modifying the target's integrity so that it reaches an insecure state. |
|
Taxonomy: ATTACK |
Entry ID | Entry Name |
1195.002 | Supply Chain Compromise: Compromise Software Supply Chain |
|