T 5.145 Manipulation of data and tools for patch and change management

Patch and change management normally act from a central location. Due to their exposed position, they are particularly in danger of attack. Should attackers manage to take over the servers involved, they would be able to distribute manipulated software versions simultaneously to a large number of IT systems using this central location.

Often, further points of attack are created by the fact that these systems are operated by external partners (outsourcing). Maintenance accesses may also be created allowing attackers to access the central server for distributing patches and changes.

Example: