Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Adversaries may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as MailSniper can be used to automate searches for specific keywords.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| DSP-10 | Sensitive Data Transfer | mitigates | T1114.002 | Remote Email Collection |
Comments
The control describes the implementation of strong technical and procedural safeguards, such as TLS with strong keys)to protect sensitive data during transfer and prevent unauthorized access or interception. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email.
References
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1114.002 | Remote Email Collection |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.
References
|