T 5.145 Manipulation of data and tools for patch and change management

Patch and change management normally act from a central location. Due to their exposed position, they are particularly in danger of attack. Should attackers manage to take over the servers involved, they would be able to distribute manipulated software versions simultaneously to a large number of IT systems using this central location.

Often, further points of attack are created by the fact that these systems are operated by external partners (outsourcing). Maintenance accesses may also be created allowing attackers to access the central server for distributing patches and changes.

Example:

• If a patch and change management tool downloads data from an internet source without the authenticity of the website being checked and the connection being protected, there is the risk that an attacker may implant manipulated packets using this flow of data. This way, the attacker may gain access to the central system for change management and to the patched systems.
• In a company, attackers managed to take over the central update server of a Linux distribution. Then, they replaced important program packets by Trojanised versions. Every user of the update server therefore installed malware and with it access for the attackers to his/her computer.