CAPEC-530 Provide Counterfeit Component

CAPEC ID: 530

CAPEC-530 Metadata

Likelihood of Attack

Low

Typical Severity

High

Overview

Summary

An attacker supplies a counterfeit component through the procurement process between a lower-tier component supplier and a sub-system developer or integrator. The component is then built into the system being upgraded or repaired by the victim, allowing the attacker to cause disruption or additional compromise.

Prerequisites

Advanced knowledge about the target system and sub-components.

Potential Solutions / Mitigations

There are various methods to detect if the component is a counterfeit. See section II of [REF-703] for many techniques.

Related CAPECs

CAPEC ID: CAPEC-531

Description: An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly on the system, enabling the attacker to then cause disruption or additional compromise.
