Exfiltration Over Other Network Medium: Эксфильтрация через Bluetooth
Other sub-techniques of Exfiltration Over Other Network Medium (1)
ID | Название |
---|---|
.001 | Эксфильтрация через Bluetooth |
Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an adversary may opt to exfiltrate data using a Bluetooth communication channel. Adversaries may choose to do this if they have sufficient access and proximity. Bluetooth connections might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network.
Примеры процедур |
|
Название | Описание |
---|---|
Flame |
Flame has a module named BeetleJuice that contains Bluetooth functionality that may be used in different ways, including transmitting encoded information from the infected system over the Bluetooth protocol, acting as a Bluetooth beacon, and identifying other Bluetooth devices in the vicinity.(Citation: Symantec Beetlejuice) |
Контрмеры |
|
Контрмера | Описание |
---|---|
Disable or Remove Feature or Program |
Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries. |
Operating System Configuration |
Make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques. |
Обнаружение
Monitor for processes utilizing the network that do not normally have network communication or have never been seen before. Processes that normally require user-driven events to access the network (for example, a web browser opening with a mouse click or key press) but access the network without such may be malicious. Monitor for and investigate changes to host adapter settings, such as addition and/or replication of communication interfaces.
Связанные риски
Каталоги
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.