Adversaries may schedule data exfiltration to be performed only at certain times of day or at certain intervals. This could be done to blend traffic patterns with normal activity or availability.
When scheduled exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as Exfiltration Over C2 Channel or Exfiltration Over Alternative Protocol.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| I&S-03 | Network Security | mitigates | T1029 | Scheduled Transfer |
Comments
This control provides for monitoring, encrypting, and restricting communications between environments. Network intrusion detection and prevention systems that use network signatures to identify traffic for adversary command and control infrastructure, unexpected network connections or traffic, and malware can be used to mitigate activity at the network level.
References
|
| I&S-09 | Network Defense | mitigates | T1029 | Scheduled Transfer |
Comments
This control provides for the implementation of defense-in-depth network security controls for securing the cloud environment. Network intrusion detection and prevention systems that use network signatures to identify traffic for adversary command and control infrastructure, unexpected network connections or traffic, and malware can be used to mitigate activity at the network level.
References
|