CAPEC 673 Developer Signing Maliciously Altered Software

Draft Detailed Medium Risk

Severity High

Description

{'xhtml:p': ['Software produced by a reputable developer is clandestinely infected with malicious code and then digitally signed by the unsuspecting developer, where the software has been altered via a compromised software development or build process prior to being signed. The receiver or user of the software has no reason to believe that it is anything but legitimate and proceeds to deploy it to organizational systems.', 'This attack differs from CAPEC-206, since the developer is inadvertently signing malicious code they believe to be legitimate and which they are unware of any malicious modifications.']}

CAPEC 673 Developer Signing Maliciously Altered Software

Description

Mitigations

Employ Intrusion Detection And Malware Detection Capabilities On Ide Systems Where Feasible.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Related ATT&CK Techniques

Compromise Software Supply Chain

CAPEC 673 Developer Signing Maliciously Altered Software

Description

Mitigations

Employ Intrusion Detection And Malware Detection Capabilities On Ide Systems Where Feasible.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Related ATT&CK Techniques

Compromise Software Supply Chain

Iscriviti alla newsletter