Message Tampering

medium

message-tampering

Attacker modifies messages in transit between services

TamperingRepudiation

MITRE ATT&CK techniques

ID	Name	Tactic
T1557	Adversary-in-the-Middle	Credential Access

Common Weakness Enumeration

Mitigating controls

ctrl-msg-1: Encrypt messages in transit using TLS
ctrl-msg-2: Implement message signing and verification
ctrl-msg-3: Use authenticated encryption
ctrl-msg-4: Validate message integrity on receipt
ctrl-msg-5: Implement dead-letter queue monitoring and alerting for tampered or poisoned messages
ctrl-msg-6: Restrict producer access using IAM policies or broker-level authorization

References

https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html