T1600 Weaken Encryption Mappings

Adversaries may compromise a network device’s encryption capability in order to bypass encryption that would otherwise protect data communications. (Citation: Cisco Synful Knock Evolution)

Encryption can be used to protect transmitted network traffic to maintain its confidentiality (protect against unauthorized disclosure) and integrity (protect against unauthorized changes). Encryption ciphers are used to convert a plaintext message to ciphertext and can be computationally intensive to decipher without the associated decryption key. Typically, longer keys increase the cost of cryptanalysis, or decryption without the key.

Adversaries can compromise and manipulate devices that perform encryption of network traffic. For example, through behaviors such as Modify System Image, Reduce Key Space, and Disable Crypto Hardware, an adversary can negatively effect and/or eliminate a device’s ability to securely encrypt network traffic. This poses a greater risk of unauthorized disclosure and may help facilitate data manipulation, Credential Access, or Collection efforts. (Citation: Cisco Blog Legacy Device Attacks)



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2018-11069 RSA BSAFE SSL-J primary_impact T1600 Weaken Encryption
action.hacking.variety.Cryptanalysis Cryptanalysis. Child of 'Exploit vuln'. related-to T1600 Weaken Encryption
action.malware.variety.Disable controls Disable or interfere with security controls related-to T1600 Weaken Encryption

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1600.002 Disable Crypto Hardware 1
T1600.001 Reduce Key Space 1