Engage Goals: EGO0002 Affect
Engage Approach: EAP0005 Disrupt
Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls
Name of Element: Deceptive User Permissions
Description of Element:
Goal: Thwart attackers’ attempts to exploit user permissions for lateral movement or unauthorized access.
Approach: Implementing misleading access control lists (ACLs) or fake permissions to misdirect attackers.
Configure deceptive permissions on files, folders, or other resources that suggest access to sensitive data or critical systems. These permissions can lead attackers toward decoy assets or trigger alerts upon unauthorized access attempts.
Technical Context:
This element requires integration with the access control mechanisms of the operating system or application. It can be implemented by manipulating file system ACLs, database permissions, or other access control configurations. This aligns with the MITRE ATT&CK technique T1069 (Permission Groups Discovery).
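Added example (not part of the original element description): one way to turn access attempts against decoy permissions into alerts on Linux, by correlating auditd SYSCALL and PATH records. It assumes the decoy files are covered by an audit watch rule with the hypothetical key "decoy_acl"; the paths, account IDs and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

DECOY_KEY = "decoy_acl"  # assumed key of the audit rule watching the decoy paths

# Constructed sample records in Linux auditd format (not real logs).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.101:811): arch=c000003e syscall=257 success=yes exit=3 auid=1004 uid=1004 comm="cat" exe="/usr/bin/cat" key="decoy_acl"
type=PATH msg=audit(1700000000.101:811): item=0 name="/srv/share/finance/payroll_2024.xlsx" nametype=NORMAL
type=SYSCALL msg=audit(1700000007.440:812): arch=c000003e syscall=257 success=no exit=-13 auid=1009 uid=1009 comm="ls" exe="/usr/bin/ls" key="decoy_acl"
type=PATH msg=audit(1700000007.440:812): item=0 name="/srv/share/finance/restricted" nametype=NORMAL
type=SYSCALL msg=audit(1700000011.002:813): arch=c000003e syscall=257 success=yes exit=3 auid=1004 uid=1004 comm="vim" exe="/usr/bin/vim" key="budget_docs"
type=PATH msg=audit(1700000011.002:813): item=0 name="/srv/share/finance/budget.txt" nametype=NORMAL
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by event serial; a SYSCALL and its PATH records share one."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip lines that are not audit records
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[serial]
        ev["time"] = float(ts)
        if rtype == "SYSCALL":
            ev.update(fields)  # who, which binary, outcome, rule key
        elif rtype == "PATH":
            ev["paths"].append(fields.get("name", "?"))
    return events

def decoy_alerts(text, key=DECOY_KEY):
    """Assumption: no legitimate workflow touches a decoy, so every hit alerts."""
    alerts = []
    for serial, ev in sorted(parse_events(text).items(), key=lambda kv: int(kv[0])):
        if ev.get("key") != key:
            continue
        # auid is the login UID, so it still names the account after su/sudo.
        outcome = "opened" if ev.get("success") == "yes" else "denied"
        alerts.append({"event": int(serial), "auid": ev.get("auid"),
                       "exe": ev.get("exe"), "paths": ev["paths"],
                       "outcome": outcome})
    return alerts

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG):
        print(alert)
```

Denied attempts are reported as well as successful opens, since a failed access against a decoy is still a sign that someone enumerated permissions and followed them.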
Other:
This element can be combined with deceptive user profiles to create a more believable illusion. For example, fake user accounts can be assigned deceptive permissions to make them appear more attractive to attackers.