Software Integrity Attacks
Attack Pattern ID: 184 (Meta Attack Pattern Completeness: Complete)Typical Severity: LowStatus: Draft
+ Description

Summary

An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.

+ Attacker Skills or Knowledge Required

Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.

+ Resources Required

Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors.

+ Related Weaknesses
CWE-IDWeakness NameWeakness Relationship Type
494Download of Code Without Integrity CheckTargeted
+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfCategoryCategory210Abuse of Functionality 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern111JSON Hijacking (aka JavaScript Hijacking) 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern185Malicious Software Download 
Mechanism of Attack (primary)1000