T1491 Defacement

Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reasons for Defacement include delivering messaging, intimidation, or claiming (possibly false) credit for an intrusion. Disturbing or offensive images may be used as a part of Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages.


CSA CCM Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes

BCR-08 | Backup | mitigates | T1491 | Defacement |
Comments: Adversaries may deface visual content by modifying data and files in cloud storage objects, including website files. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provide data protection and allow for quick recovery from defacement attacks.

DSP-16 | Data Retention and Deletion | mitigates | T1491 | Defacement |
Comments: This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party's environment. For this technique, adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. In terms of mitigation, taking regular data backups that can be used to restore organizational data can limit the impact of this technique.

DCS-18 | Datacenter Operations Resilience | mitigates | T1491 | Defacement |
Comments: Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. This control establishes and regularly evaluates processes, procedures, and technical measures to ensure continuous operations of the datacenter, mitigating attacker techniques such as denial-of-service and other availability-impacting attacks that seek to disrupt business and operational continuity.

ATT&CK Subtechniques

Technique ID | Technique Name | Number of Mappings
T1491.002 | External Defacement | 3
T1491.001 | Internal Defacement | 2