CAPEC-670: Software Development Tools Maliciously Altered
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.
前提条件
- An adversary would need to have access to a targeted developer’s development environment and in particular to tools used to design, create, test and manage software, where the adversary could ensure malicious code is included in software packages built through alteration or substitution of tools in the environment used in the development of software.
所需技能
后果影响
影响范围: Integrity
技术影响: Execute Unauthorized Commands
影响范围: Access Control
技术影响: Gain Privileges
影响范围: Confidentiality
技术影响: Modify Data
缓解措施
Have a security concept of operations (CONOPS) for the development environment that includes: Maintaining strict security administration and configuration management of requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools.
Avoid giving elevated privileges to developers.
示例实例
An adversary with access to software build tools inside an Integrated Development Environment IDE alters a script used for downloading dependencies from a dependent code repository where the script has been changed to include malicious code implanted in the repository by the adversary.
分类映射
| 分类名称 | 条目ID | 条目名称 |
|---|---|---|
| ATTACK | 1127 | Trusted Developer Utilities Proxy Execution |
| ATTACK | 1195.001 | Supply Chain Compromise: Compromise Software Dependencies and Development Tools |