SSL certificate tampering

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1553-subvert-trust-controls

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect potential tampering with SSL certificates.

Strategy

SSL certificates, and other forms of trust controls establish trust between systems. Attackers may attempt to subvert trust controls such as SSL certificates in order to trick systems or users into trusting attacker-owned assets such as fake websites, or falsely signed applications.

Triage and response

  1. Check whether there were any planned changed to the SSL certificates stores in your infrastructure.
  2. If these changes are not acceptable, roll back the host or container in question to a known trustworthy configuration.
  3. Investigate security signals (if present) occurring around the time of the event to establish an attack path.
  4. Find and repair the root cause of the exploit.

Requires Agent version 7.27 or greater