Adversaries may target user email on local systems to collect sensitive information. Files containing email data can be acquired from a user’s local system, such as Outlook storage or cache files.
Outlook stores data locally in offline data files with an extension of .ost. Outlook 2010 and later supports .ost file sizes up to 50GB, while earlier versions of Outlook support up to 20GB.(Citation: Outlook File Sizes) IMAP accounts in Outlook 2013 (and earlier) and POP accounts use Outlook Data Files (.pst) as opposed to .ost, whereas IMAP accounts in Outlook 2016 (and later) use .ost files. Both types of Outlook data files are typically stored in C:\Users\<username>\Documents\Outlook Files or C:\Users\<username>\AppData\Local\Microsoft\Outlook.(Citation: Microsoft Outlook Files)
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| DSP-10 | Sensitive Data Transfer | mitigates | T1114.001 | Local Email Collection |
Comments
The control describes the implementation of strong technical and procedural safeguards, such as TLS with strong keys)to protect sensitive data during transfer and prevent unauthorized access or interception. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email.
References
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1114.001 | Local Email Collection |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.
References
|