Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.(Citation: FireEye APT38 Oct 2018)(Citation: DOJ Lazarus Sony 2018) By manipulating transmitted data, adversaries may attempt to affect a business process, organizational understanding, and decision making.
Manipulation may be possible over a network connection or between system processes where there is an opportunity deploy a tool that will intercept and change information. The type of modification and the impact it will have depends on the target transmission mechanism as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| I&S-07 | Migration to Cloud Environments | mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
This control provides for the use of secure and encrypted communication
channels when migrating to cloud environments. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important data flows reduces the impact of adversary tailored data modifications.
References
|
| CEK-03 | Data Encryption | mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
This control provides cryptographic protection for data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important data flows reduces the impact of adversary tailored data modifications.
References
|
| DSP-15 | Limitation of Production Data Use | mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
This control describes how the CSP and CSC must independently implement technical safeguards such as network segmentation, encryption (at rest and in transit), secure key management, and access controls to prevent unauthorized replication or use of production data in non-production environments. For this technique, adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data. In terms of mitigation, encrypt all important data flows to reduce the impact of tailored modifications on data in transit.
References
|
| DSP-10 | Sensitive Data Transfer | mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
The control describes the implementation of strong technical and procedural safeguards, such as TLS with strong keys)to protect sensitive data during transfer and prevent unauthorized access or interception. For this technique, encrypt all important data flows to reduce the impact of tailored modifications on data in transit. Also, In cloud environments, use VPCs, subnets, and security groups to isolate applications and enforce traffic rules on those systems to mitigate any against unauthorized access and tampering.
References
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, encrypt all important data flows to reduce the impact of tailored modifications on data in transit for mitigation.
References
|