CAPEC-533 Metadata
Likelihood of Attack
Low
Typical Severity
High
Overview
Summary
An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location. These manual, or user-assisted, attacks vary from requiring the user to download and run an executable, to as streamlined as tricking the user into clicking a URL. Attacks which aim at penetrating a specific network infrastructure often rely upon secondary attack methods to achieve the desired impact. Spamming, for example, is a common method employed as a secondary attack vector. Thus the attacker has in their arsenal a choice of initial attack vectors ranging from traditional SMTP/POP/IMAP spamming and its varieties, to web-application mechanisms which commonly implement both chat and rich HTML messaging within the user interface.
Prerequisites
Advanced knowledge about the download and update installation processes. Advanced knowledge about the deployed system and its various software subcomponents and processes.
Potential Solutions / Mitigations
Only accept software updates from an official source.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-494 | Download of Code Without Integrity Check |
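The mitigation above ("only accept software updates from an official source") and the related weakness CWE-494 ("Download of Code Without Integrity Check") are two sides of one client-side control: before any byte of an update is installed, confirm where it came from and that its contents are exactly what the publisher signed. The following Go program is an added example written for this page, not code from CAPEC or from any particular update client. It assumes an Ed25519 publisher public key pinned in the client, an official host name `updates.example.com`, and a constructed update payload; the `VerifyUpdate`, `SignUpdate` and `Demo` functions are hypothetical names chosen for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/url"
)

// UpdatePolicy holds what the update client trusts at build time. Both values are
// assumptions for this example: a publisher Ed25519 public key pinned in the
// client, and the host name of the official update server.
type UpdatePolicy struct {
	PublisherKey ed25519.PublicKey
	OfficialHost string
}

// UpdateBundle is an update as the client received it: the payload bytes, the
// publisher's detached Ed25519 signature over SHA-256(payload), and the URL it
// was downloaded from.
type UpdateBundle struct {
	Payload   []byte
	Signature []byte
	SourceURL string
}

var (
	ErrUntrustedSource = errors.New("update was not fetched over https from the official source")
	ErrBadSignature    = errors.New("update signature does not verify under the pinned publisher key")
)

// VerifyUpdate runs the two checks that must pass before any byte of the update
// is written to disk or executed: the download came from the official host over
// HTTPS, and the payload is exactly what the publisher signed (CWE-494).
func VerifyUpdate(policy UpdatePolicy, b UpdateBundle) error {
	u, err := url.Parse(b.SourceURL)
	if err != nil || u.Scheme != "https" || u.Hostname() != policy.OfficialHost {
		return ErrUntrustedSource
	}
	digest := sha256.Sum256(b.Payload)
	if !ed25519.Verify(policy.PublisherKey, digest[:], b.Signature) {
		return ErrBadSignature // any altered byte changes the digest and fails here
	}
	return nil
}

// SignUpdate is the publisher side, included only so the example is self-contained.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

// Demo builds a constructed publisher key pair and update, then shows the three
// outcomes: the genuine bundle is accepted, a payload altered after signing is
// rejected, and a correctly signed payload served from an unofficial host is rejected.
func Demo() (genuineErr, tamperedErr, mirrorErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	policy := UpdatePolicy{PublisherKey: pub, OfficialHost: "updates.example.com"}
	payload := []byte("constructed update payload: agent v2.0.1") // stand-in for an installer
	sig := SignUpdate(priv, payload)
	official := "https://updates.example.com/agent/v2.0.1/update.bin"

	genuineErr = VerifyUpdate(policy, UpdateBundle{payload, sig, official})

	altered := append([]byte(nil), payload...)
	altered[len(altered)-1] ^= 0x01 // one flipped bit models a payload modified after signing
	tamperedErr = VerifyUpdate(policy, UpdateBundle{altered, sig, official})

	mirrorErr = VerifyUpdate(policy, UpdateBundle{payload, sig, "https://mirror.example.net/update.bin"})
	return genuineErr, tamperedErr, mirrorErr
}

func main() {
	g, t, m := Demo()
	fmt.Println("genuine bundle:", g)
	fmt.Println("altered payload:", t)
	fmt.Println("unofficial host:", m)
}
```

The signature check is the one that actually closes CWE-494: the origin check alone would still accept a payload altered on the official server or in transit, and a hash published next to the download proves nothing if both were replaced together. Pinning the publisher key in the client (rather than fetching it with the update) is what makes the verification independent of the download channel.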
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-186 | An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an adversary controlled source. |