Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an adversary may opt to exfiltrate data using a Bluetooth communication channel.
Adversaries may choose to do this if they have sufficient access and proximity. Bluetooth connections might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.PS-01.01 | Configuration baselines | Mitigates | T1011.001 | Exfiltration Over Bluetooth |
Comments
This diagnostic statement provides for securely configuring production systems. This includes hardening default configurations and making security-focused setting adjustments to reduce the attack surface, enforce best practices, and protect sensitive data thereby mitigating adversary exploitation.
References
|
| PR.PS-01.02 | Least functionality | Mitigates | T1011.001 | Exfiltration Over Bluetooth |
Comments
This diagnostic statement provides for limiting unnecessary software, services, ports, protocols, etc. Ensuring systems only have installed and enabled what is essential for their operation reduces the attack surface and minimizes vulnerabilities, which mitigates a wide range of techniques.
References
|
| PR.PS-01.03 | Configuration deviation | Mitigates | T1011.001 | Exfiltration Over Bluetooth |
Comments
This diagnostic statement provides protection from Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
References
|
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CM-06 | Configuration Settings | mitigates | T1011.001 | Exfiltration Over Bluetooth | |
| CM-08 | System Component Inventory | mitigates | T1011.001 | Exfiltration Over Bluetooth | |
| RA-05 | Vulnerability Monitoring and Scanning | mitigates | T1011.001 | Exfiltration Over Bluetooth | |
| SI-03 | Malicious Code Protection | mitigates | T1011.001 | Exfiltration Over Bluetooth | |
| AC-18 | Wireless Access | mitigates | T1011.001 | Exfiltration Over Bluetooth | |
| CM-02 | Baseline Configuration | mitigates | T1011.001 | Exfiltration Over Bluetooth | |
| CM-07 | Least Functionality | mitigates | T1011.001 | Exfiltration Over Bluetooth | |
| SI-04 | System Monitoring | mitigates | T1011.001 | Exfiltration Over Bluetooth |
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1011.001 | Exfiltration Over Bluetooth | |
| attribute.confidentiality.data_disclosure | None | related-to | T1011.001 | Exfiltration Over Bluetooth |