Deceptive Data Masking

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0014 Software Manipulation, EAC0015 Information Manipulation

Name of Element: Deceptive Data Masking

Description of Element:

Goal: Disrupt attacker attempts to exfiltrate sensitive data by masking or altering its content.

Approach: Modifying sensitive data in transit to render it useless to attackers.

Implement mechanisms that dynamically alter or mask sensitive data as it is being exfiltrated. This can involve encryption, obfuscation, or even replacing the data with decoy information, rendering it useless to the attacker.

Technical Context:

This element requires the ability to intercept and modify data in transit. This can be achieved through network security tools, data loss prevention (DLP) solutions, or even by manipulating applications or databases. This aligns with the MITRE ATT&CK technique T1071.001 (Application Layer Protocol: Web Protocols).
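The following sketch is an added example, not part of the original entry: it shows the "replace with decoy information" option for one kind of sensitive data, payment card numbers, as a filter an egress proxy or DLP hook might call on outbound text. The key, function names and sample payload are assumptions made for illustration.

```python
import hashlib
import hmac
import re

DECOY_KEY = b"constructed-demo-key"  # assumption: per-deployment secret held by defenders
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")  # 16 digits, optional space/dash separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to skip 16-digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def keyed_digits(value: str, n: int) -> str:
    """Derive n decimal digits from the real value with HMAC-SHA256."""
    mac = hmac.new(DECOY_KEY, value.encode(), hashlib.sha256).hexdigest()
    return str(int(mac, 16))[-n:].zfill(n)

def decoy_card(raw: str) -> str:
    """Return a Luhn-valid decoy in the same layout as raw, or raw if not a card."""
    digits = re.sub(r"\D", "", raw)
    if not luhn_ok(digits):
        return raw
    body = keyed_digits(digits, 15)
    check = next(c for c in "0123456789" if luhn_ok(body + c))
    fake = iter(body + check)
    return "".join(next(fake) if ch.isdigit() else ch for ch in raw)

def mask_outbound(payload: str) -> tuple[str, list[str]]:
    """Swap card numbers for decoys; return masked text and decoys to watch for."""
    issued: list[str] = []
    def repl(m: re.Match) -> str:
        out = decoy_card(m.group(0))
        if out != m.group(0):
            issued.append(re.sub(r"\D", "", out))
        return out
    return CARD_RE.sub(repl, payload), issued

# Constructed sample: one test card number in two layouts, plus a non-card 16-digit id.
SAMPLE = "id=1234567890123456 card=4111 1111 1111 1111 alt=4111-1111-1111-1111"

if __name__ == "__main__":
    masked, issued = mask_outbound(SAMPLE)
    print(masked)
    print("decoys to alert on:", issued)
```

Because the decoy is derived with a keyed hash, the same real number always maps to the same decoy, so the returned list can be fed to monitoring as values whose later appearance indicates use of exfiltrated data.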

Other:

Combine this with deceptive error messages or network delays to further frustrate attackers.
