Conditions préalables
Physical access to an integration facility that prepares the system before it is deployed at the victim location.
Compétences requises
Advanced knowledge of the design of the system.
Hardware creation and manufacture of replacement components.
Atténuations
Deploy strong code integrity policies to allow only authorized apps to run.
Use endpoint detection and response solutions that can automaticalkly detect and remediate suspicious activities.
Maintain a highly secure build and update infrastructure by immediately applying security patches for OS and software, implementing mandatory integrity controls to ensure only trusted tools run, and requiring multi-factor authentication for admins.
Require SSL for update channels and implement certificate transparency based verification.
Sign everything, including configuration files, XML files and packages.
Develop an incident response process, disclose supply chain incidents and notify customers with accurate and timely information.
Maintain strong physical system access controls and monitor networks and physical facilities for insider threats.
Références
REF-439
Supply Chain Attack Framework and Attack Patterns
John F. Miller.
http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf REF-716
Supply chain attacks
Daniel Simpson, Dani Halfin, Andrews Mariano Gorzelany, Beth Woodbury.
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/supply-chain-malware
Soumission
Nom |
Organisation |
Date |
Date de publication |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
|
Modifications
Nom |
Organisation |
Date |
Commentaire |
CAPEC Content Team |
The MITRE Corporation |
2015-11-09 +00:00 |
Updated Typical_Likelihood_of_Exploit |
CAPEC Content Team |
The MITRE Corporation |
2020-07-30 +00:00 |
Updated Related_Attack_Patterns |
CAPEC Content Team |
The MITRE Corporation |
2022-02-22 +00:00 |
Updated Mitigations, References |