Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: FireEye APT38 Oct 2018)(Citation: DOJ Lazarus Sony 2018) By manipulating stored data, adversaries may attempt to affect a business process, organizational understanding, and decision making.
Stored data could include a variety of file formats, such as Office files, databases, stored emails, and custom file formats. The type of modification and the impact it will have depends on the type of data as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| UEM-08 | Storage Encryption | mitigates | T1565.001 | Stored Data Manipulation |
Comments
This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.
References
|
| I&S-07 | Migration to Cloud Environments | mitigates | T1565.001 | Stored Data Manipulation |
Comments
This control provides for the use of secure and encrypted communication
channels when migrating to cloud environments. Encrypting data at all stages, from storage to transmission, ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.
References
|
| CEK-03 | Data Encryption | mitigates | T1565.001 | Stored Data Manipulation |
Comments
This control provides cryptographic protection for data-at-rest within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.
References
|
| DSP-15 | Limitation of Production Data Use | mitigates | T1565.001 | Stored Data Manipulation |
Comments
This control describes how the CSP and CSC must independently implement technical safeguards such as network segmentation, encryption (at rest and in transit), secure key management, and access controls to prevent unauthorized replication or use of production data in non-production environments. For this technique, adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data. In terms of mitigation, encrypting important information to reduce an adversary’s ability to perform tailored data modifications such as replication of data from production to non-production environments. Also, enforcing least privilege principles applied to important information resources could reduce exposure to data manipulation risk from different systems and environments.
References
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1565.001 | Stored Data Manipulation |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, consider encrypting important information to reduce an adversary’s ability to perform tailored data modifications.
References
|