Engage Goals: EGO0002 Affect
Engage Approach: EAP0004 Direct, EAP0005 Disrupt
Engage Actions: EAC0016 Network Manipulation, EAC0017 Hardware Manipulation
Name of Element: Deceptive Data Channels
Description of Element:
Goal: Redirect attacker exfiltration attempts to controlled channels or disrupt their operations.
Approach: Creating fake data channels that appear to be valuable exfiltration routes.
Set up fake network channels, storage devices, or cloud services that appear to be ideal for data exfiltration. Redirect attacker traffic to these channels to capture exfiltrated data, analyze their methods, or disrupt their operations.
Technical Context:
This element can involve manipulating network routes, creating fake cloud storage accounts, or even deploying physical devices like USB drives with hidden monitoring capabilities. This aligns with the MITRE ATT&CK technique T1041 (Exfiltration Over C2 Channel).
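The capture-and-analyze side of a decoy channel, as an added example that is not part of the original entry: it turns each upload received on a fake channel into an evidence record (hash, size, archive type, entropy) and totals activity per source. The channel names, addresses, sample payloads and the 7.5 bits/byte threshold are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Leading bytes of common archive formats used to stage data before exfiltration.
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip",
         b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed content."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def classify_container(data: bytes) -> str:
    """Name the archive format from its header, or 'unknown'."""
    return next((n for m, n in MAGIC.items() if data.startswith(m)), "unknown")

def record_capture(src_ip: str, channel: str, payload: bytes) -> dict:
    """Build the evidence record for one upload received on a decoy channel."""
    entropy = shannon_entropy(payload)
    container = classify_container(payload)
    return {
        "src_ip": src_ip,
        "channel": channel,
        "size": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        "container": container,
        "entropy": round(entropy, 2),
        # High entropy without a known archive header points to custom encryption.
        "likely_encrypted": entropy > 7.5 and container == "unknown",
    }

def summarize(records: list[dict]) -> dict:
    """Per-source totals: which decoys each host used and how much it sent."""
    out: dict = {}
    for r in records:
        s = out.setdefault(r["src_ip"], {"uploads": 0, "bytes": 0, "channels": set()})
        s["uploads"] += 1
        s["bytes"] += r["size"]
        s["channels"].add(r["channel"])
    return out

# Constructed sample uploads (not real captures): (source, decoy channel, payload).
SAMPLES = [("10.0.5.23", "decoy-sftp", b"PK\x03\x04" + b"\x00" * 60),
           ("10.0.5.23", "decoy-bucket", bytes(range(256)) * 4),
           ("10.0.7.9", "decoy-bucket", b"name,ssn\nalice,000-00-0000\n")]
```

Because no legitimate process should write to a decoy channel, every record produced here is a high-confidence alert as well as a sample of the attacker's staging method.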
Other:
Combine this with deceptive network monitoring to make the fake channels appear more active or attractive.