T1041 Exfiltration Over C2 Channel Mappings

Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.


Mappings

Capability ID: intel-tdt
Capability Description: Intel Threat Detection Technology
Mapping Type: CrowdStrike AMS
ATT&CK ID: T1041
ATT&CK Name: Exfiltration Over C2 Channel
Notes: see Comments below

Comments
Intel Threat Detection Technology (TDT), combined with CrowdStrike Falcon Accelerated Memory Scanning (CAMS), enhances cybersecurity defenses by enabling faster, real-time detection of exfiltration over Command and Control (C2) channels. This integrated solution strengthens CrowdStrike Falcon, improving its ability to detect and mitigate cyber threats earlier in the kill chain while minimizing system performance impact.

Exfiltration over C2 involves adversaries using their existing Command and Control (C2) infrastructure to stealthily send sensitive data from compromised systems to an external server. Because the stolen data travels inside the same channel used for C2 traffic, it is often encrypted or obfuscated to avoid detection, and it may be carried over various C2 protocols such as HTTP, DNS, or custom protocols.

Intel TDT plays a crucial role in identifying these threats by providing real-time telemetry on program execution, memory access, and control flow, enabling rapid detection of abnormal behaviors that could indicate data being siphoned through C2 channels. Additionally, CAMS offloads the memory scanning workload from the CPU to the Intel Integrated GPU, allowing faster and more efficient detection of malicious activity without degrading system performance. CAMS helps identify suspicious behaviors such as unauthorized data transfers, unusual network connections, or attempts to evade security controls during data exfiltration via C2 channels, providing proactive defense against these covert data theft techniques.