SSL certificate tampering

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1553-subvert-trust-controls

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect potential tampering with SSL certificates.

Strategy

SSL certificates, and other forms of trust controls establish trust between systems. Attackers may attempt to subvert trust controls such as SSL certificates in order to trick systems or users into trusting attacker-owned assets such as fake websites, or falsely signed applications.

Triage and response

  1. Check whether there were any planned changed to the SSL certificates stores in your infrastructure.
  2. If these changes are not acceptable, roll back the host or container in question to a known trustworthy configuration.
  3. Investigate security signals (if present) occurring around the time of the event to establish an attack path.
  4. Find and repair the root cause of the exploit.

Requires Agent version 7.27 or greater