Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| UEM-11 | Data Loss Prevention | mitigates | T1041 | Exfiltration Over C2 Channel |
Comments
Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.
References
|
| DSP-04 | Data Classification | mitigates | T1041 | Exfiltration Over C2 Channel |
Comments
Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
This control enforces the classification of data by type, criticality, and sensitivity level to enable appropriate protections (including DLP measures), mitigating attacker techniques such as data exfiltration, unauthorized disclosure, and the misuse of unprotected sensitive information. DLP can detect and block sensitive data being uploaded via known malicious C2 channels and unencrypted protocols.
References
|