Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| I&S-03 | Network Security | mitigates | T1008 | Fallback Channels | This control provides for monitoring, encrypting, and restricting communications between environments. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific malware can be used to mitigate activity at the network level. |
| I&S-06 | Segmentation and Segregation | mitigates | T1008 | Fallback Channels | This control provides for appropriately segmented and segregated cloud environments. Virtual private cloud (VPC) security groups and network access control lists (NACLs) can be used to restrict external network access and mitigate adversary use of fallback or alternative communication channels. |
| I&S-09 | Network Defense | mitigates | T1008 | Fallback Channels | This control provides for the implementation of defense-in-depth network security controls for securing the cloud environment. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific malware can be used to mitigate activity at the network level. Virtual private cloud (VPC) security groups and network access control lists (NACLs) can be used to restrict external network access and mitigate adversary use of fallback or alternative communication channels. |