CAPEC-550 Metadata
Likelihood of Attack
Medium
Typical Severity
Medium
Overview
Summary
When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.
Prerequisites
No prerequisites listed.
Potential Solutions / Mitigations
Limit privileges of user accounts so new service creation can only be performed by authorized administrators.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-284 | Improper Access Control |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-542 | An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts. |
Taxonomy Mappings
Taxonomy: ATTACK
| Entry ID | Entry Name |
|---|---|
| 1543 | Create or Modify System Process |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.