T1565 Data Manipulation

Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: Sygnia Elephant Beetle Jan 2022) By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.

The type of modification and the impact it will have depends on the target application and process as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.


CSA CCM Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes

UEM-08 | Storage Encryption | mitigates | T1565 | Data Manipulation
Comments: This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.

I&S-07 | Migration to Cloud Environments | mitigates | T1565 | Data Manipulation
Comments: This control provides for the use of secure and encrypted communication channels when migrating to cloud environments. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.

CEK-03 | Data Encryption | mitigates | T1565 | Data Manipulation
Comments: This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.

DSP-16 | Data Retention and Deletion | mitigates | T1565 | Data Manipulation
Comments: This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. In terms of mitigation, backups that are stored off system and are protected from common methods adversaries may use to gain access and manipulate backups can lessen the impact of this technique.

DSP-15 | Limitation of Production Data Use | mitigates | T1565 | Data Manipulation
Comments: This control describes how the CSP and CSC must independently implement technical safeguards such as network segmentation, encryption (at rest and in transit), secure key management, and access controls to prevent unauthorized replication or use of production data in non-production environments. For this technique, adversaries may insert, delete, replicate, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. In terms of mitigation, identify critical business and system processes that may be targeted by adversaries and work to isolate and secure those systems against unauthorized access and tampering.

DSP-10 | Sensitive Data Transfer | mitigates | T1565 | Data Manipulation
Comments: The control describes the implementation of strong technical and procedural safeguards (such as TLS with strong keys) to protect sensitive data during transfer and prevent unauthorized access or interception. For this technique, encrypt all important data flows to reduce the impact of tailored modifications on data in transit. Also, in cloud environments, use VPCs, subnets, and security groups to isolate applications and enforce traffic rules on those systems to mitigate unauthorized access and tampering.

DSP-08 | Data Privacy by Design and Default | mitigates | T1565 | Data Manipulation
Comments: Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, consider encrypting important information to reduce an adversary’s ability to perform tailored data modifications.

ATT&CK Subtechniques

Technique ID | Technique Name | Number of Mappings
T1565.001 | Stored Data Manipulation | 5
T1565.003 | Runtime Data Manipulation | 1
T1565.002 | Transmitted Data Manipulation | 5