Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
DE.AE-02.01 | Event analysis and detection | Mitigates | T1573.001 | Symmetric Cryptography | This diagnostic statement covers the implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS, providing protection against threats and exploitation attempts. |
DE.CM-01.01 | Intrusion detection and prevention | Mitigates | T1573.001 | Symmetric Cryptography | Network intrusion detection and prevention systems that use network signatures to identify traffic from specific adversary malware can mitigate some activity at the network level, specifically for adversaries known to conceal C2 traffic with symmetric encryption algorithms. |
PR.IR-01.03 | Network communications integrity and availability | Mitigates | T1573.001 | Symmetric Cryptography | This diagnostic statement protects against C2 channels concealed with symmetric encryption through the use of secure network configurations, architecture, implementation of zero trust architecture, and segmentation. |
PR.IR-01.04 | Wireless network protection | Mitigates | T1573.001 | Symmetric Cryptography | This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise. |
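The technique description at the top of the page and the DE.CM-01.01 note above describe the two sides of this mapping: an implant that wraps its C2 beacon in a symmetric cipher under a key it carries with it, and a network sensor that still catches it with family-specific signatures. The Python below is an added example written for this page; it is not code from the mapping project or from MITRE. It implements RC4 by hand (a toy stand-in for whatever cipher a real implant uses), encrypts a constructed beacon under a hard-coded key, ships it as an HTTP POST, and then inspects that request two ways: a content check that flags a high-entropy body where the Content-Type promises text, and a trial decryption with a key recovered from malware analysis, which is what a signature for a known family effectively encodes. The key, marker, hostname, path, entropy threshold, family name "ExampleRAT" and beacon contents are all constructed assumptions.

```python
"""Symmetric-key C2 concealment and two network-side checks against it.

Added example, not code from the mapping page. Every key, hostname, path,
threshold and sample message below is constructed for illustration.
"""
import math
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# --- adversary side (constructed) -------------------------------------------
STATIC_KEY = b"Th1sIsN0tS3cret"   # assumed: key embedded in the implant binary
MARKER = b"BEACON1"               # assumed: framing prefix the C2 server expects

# Constructed beacon: host report plus a process listing, so the plaintext is
# long and low-entropy while the ciphertext is not.
SAMPLE_BEACON = (b'{"id":"WS-4417","user":"jdoe","os":"Windows 10 Pro"}\n'
                 + b"\n".join(b"proc=svchost.exe pid=%d" % (400 + 4 * i)
                              for i in range(60)))


def implant_encrypt_beacon(beacon: bytes) -> bytes:
    return rc4(STATIC_KEY, MARKER + beacon)


def build_http_post(body: bytes, host: str = "cdn-update.example",
                    path: str = "/api/v1/status") -> bytes:
    """Wrap a body in an HTTP/1.1 POST that claims to carry plain text."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Content-Type: text/plain\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode() + body


# --- defender side (constructed) --------------------------------------------
ENTROPY_THRESHOLD = 7.0           # assumed: bits/byte above which "text" is suspect
# Assumed: key and framing recovered from analysis of one malware family; this
# is the knowledge a family-specific network signature encodes.
KNOWN_FAMILY_KEYS = {"ExampleRAT": (STATIC_KEY, MARKER)}


def split_http(message: bytes) -> tuple[dict, bytes]:
    head, _, body = message.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body


def inspect(message: bytes) -> dict:
    """Return the body entropy and a list of alerts for one HTTP request."""
    headers, body = split_http(message)
    result = {"entropy": round(shannon_entropy(body), 2), "alerts": []}
    if (headers.get("content-type", "").startswith("text/")
            and result["entropy"] > ENTROPY_THRESHOLD):
        result["alerts"].append("high-entropy body under a text Content-Type")
    for family, (key, marker) in KNOWN_FAMILY_KEYS.items():
        # Trial decryption: only the right key turns the body back into framing.
        if rc4(key, body).startswith(marker):
            result["alerts"].append(f"{family} beacon: decrypts with known static key")
    return result


if __name__ == "__main__":
    malicious = build_http_post(implant_encrypt_beacon(SAMPLE_BEACON))
    benign = build_http_post(b"status=ok&uptime=3600&version=2.4.1")
    print("plaintext beacon entropy:", round(shannon_entropy(SAMPLE_BEACON), 2))
    print("encrypted beacon:", inspect(malicious))
    print("benign request:  ", inspect(benign))
```

The two checks have very different fidelity, which is why the note above says signatures mitigate "some" activity. The entropy check needs no knowledge of the malware but fires on anything dense (compressed uploads, images mislabelled as text), so it is a triage signal rather than a verdict. The trial-decryption check is a near-certain match, but only for a family whose key has been pulled from a sample and which keeps reusing it; an implant that negotiates a fresh key per session, or that runs inside legitimate TLS, defeats it and must be caught on other artifacts (beacon sizes and timing, destination reputation, host-side evidence).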
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CA-07 | Continuous Monitoring | mitigates | T1573.001 | Symmetric Cryptography | |
CM-06 | Configuration Settings | mitigates | T1573.001 | Symmetric Cryptography | |
SC-12 | Cryptographic Key Establishment and Management | mitigates | T1573.001 | Symmetric Cryptography | |
SC-16 | Transmission of Security and Privacy Attributes | mitigates | T1573.001 | Symmetric Cryptography | |
SC-23 | Session Authenticity | mitigates | T1573.001 | Symmetric Cryptography | |
SI-03 | Malicious Code Protection | mitigates | T1573.001 | Symmetric Cryptography | |
CM-02 | Baseline Configuration | mitigates | T1573.001 | Symmetric Cryptography | |
CM-07 | Least Functionality | mitigates | T1573.001 | Symmetric Cryptography | |
SI-04 | System Monitoring | mitigates | T1573.001 | Symmetric Cryptography | |
AC-04 | Information Flow Enforcement | mitigates | T1573.001 | Symmetric Cryptography | |
SC-07 | Boundary Protection | mitigates | T1573.001 | Symmetric Cryptography | |