T1114.002 Remote Email Collection

This diagnostic statement protects against Remote Email Collection through the use of privileged account management and the use of multi-factor authentication.

This diagnostic statement provides protection from adversaries that try to gain sensitive information and data from users via email. Utilizing methods such as encryption and MFA are recommended to minimize the risk of adversaries collecting user's credentials via exchange servers from within a network.

This diagnostic statement is associated with employing encryption methods to mitigate unauthorized access or theft of data that protect the confidentiality and integrity of data-at-rest, data-in-use, and data-in-transit. To address threats to email collection, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages. File encryption should be enforced across email communications containing sensitive information that may be obtained through access to email services.

This diagnostic statement protects against Email Collection through the use of revocation of keys and key management. Employing key protection strategies such as ensuring proper encryption methods and key management for those used in email along with policies for sending cryptographic material over email, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to glean credentials from emails.

This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from manipulating data via exchange server, Office 365, or Google Workspace from trying to collect sensitive information. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.

This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from manipulating data via exchange server, Office 365, or Google Workspace from trying to collect sensitive information. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.

This diagnostic statement protects against Remote Email Collection through the use of hardened access control policies, secure defaults, password complexity requirements, multifactor authentication requirements, and removal of terminated accounts.

This diagnostic statement is associated with employing strong encryption methods to mitigate unauthorized access or theft of data that protect the confidentiality and integrity of data-at-rest, data-in-use, and data-in-transit. To address threats to email collection, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages. File encryption should be enforced across email communications containing sensitive information that may be obtained through access to email services.