ATT&CK-CN V1.01 Last Update: 2019-11

Translators: Lin Miaoqian (cybersecurity intern, Institute for Network Sciences and Cyberspace, Tsinghua University), Dai Yilun (赛宁网安). Original translation; obtain the translators' permission before reproducing.

Data source: ATT&CK Matrices

Original: https://attack.mitre.org/techniques/T1493

Glossary: /attack/glossary

Transmitted Data Manipulation

Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity. By manipulating transmitted data, adversaries may attempt to affect a business process, organizational understanding, and decision making.

Manipulation may be possible over a network connection or between system processes where there is an opportunity to deploy a tool that will intercept and change information. The type of modification and the impact it will have depend on the target transmission mechanism as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system, typically gained through a prolonged information gathering campaign, in order to have the desired impact.

Tags

ID: T1493

Tactic: Impact

Platforms: Linux, macOS, Windows

Permissions Required: User, Administrator, root, SYSTEM

Data Sources: Packet capture, Network protocol analysis

Impact Type: Integrity

Procedure Examples

Name    Description
APT38 (G0082)    APT38 has used DYEPACK to manipulate SWIFT messages en route to a printer.
LightNeuron (S0395)    LightNeuron is capable of modifying email content, headers, and attachments during transit.

Mitigations

Mitigation    Description
Encrypt Sensitive Information (M1041)    Encrypt all important data flows to reduce the impact of tailored modifications on data in transit.

Detection

Detecting the manipulation of data as it passes over a network can be difficult without the appropriate tools. In some cases integrity verification checks, such as file hashing, may be used on critical files as they transit a network. With some critical processes involving transmission of data, manual or out-of-band integrity checking may be useful for identifying manipulated data.
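The following is an added illustration of the integrity-check detection above and of why the check value must travel out of band (or be keyed); it is not part of the ATT&CK page. It simulates a payment-style message crossing a hop the adversary controls, an on-path tool that rewrites the beneficiary account (in the spirit of the DYEPACK/SWIFT procedure example, but not DYEPACK's actual code), and two receivers: one that trusts an unkeyed SHA-256 digest sent in the same channel, and one that verifies an HMAC-SHA256 tag computed with a key the hop does not hold (equivalently, a digest delivered out of band). The message, the key, and all function names are constructed for this example.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed sample message standing in for a SWIFT-style instruction or
# any critical record that crosses a network hop the adversary can tap.
ORIGINAL = {
    "msg_id": "TX-0001",
    "beneficiary": "ACME Ltd",
    "account": "GB00BANK00000001",
    "amount": "1000.00",
}

# Assumption: sender and receiver share this key through a channel the
# on-path tool cannot read. Any secret that never crosses the tapped hop
# (or a digest delivered out of band) gives the same property.
SHARED_KEY = b"demo-only-pre-shared-key"


def serialize(msg: dict) -> bytes:
    """Canonical, byte-stable encoding so sender and receiver hash the same thing."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def unkeyed_digest(data: bytes) -> str:
    """Plain hash: anyone on the path can recompute it after editing the data."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, key: bytes = SHARED_KEY) -> str:
    """HMAC tag: recomputing it requires the key the on-path tool lacks."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def intercept_and_modify(data: bytes, inband_digest: Optional[str]) -> Tuple[bytes, Optional[str]]:
    """Simulated on-path manipulation tool.

    Rewrites the destination account. If an unkeyed digest travels in the same
    channel, it simply recomputes that digest over the altered bytes so the
    pair still matches at the receiver.
    """
    msg = json.loads(data)
    msg["account"] = "GB00EVIL00000099"
    tampered = serialize(msg)
    forged = unkeyed_digest(tampered) if inband_digest is not None else None
    return tampered, forged


def receiver_inband_check(data: bytes, digest: str) -> bool:
    """Receiver that trusts a digest delivered alongside the data."""
    return hmac.compare_digest(unkeyed_digest(data), digest)


def receiver_keyed_check(data: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver that verifies a keyed tag (or an out-of-band digest)."""
    return hmac.compare_digest(keyed_tag(data, key), tag)


def run_scenario() -> dict:
    """Run both receivers against the same tampering and report what each detects."""
    wire = serialize(ORIGINAL)

    # Scenario A: unkeyed hash sent in the same channel as the data.
    digest = unkeyed_digest(wire)
    tampered_a, digest_a = intercept_and_modify(wire, digest)
    inband_detects = not receiver_inband_check(tampered_a, digest_a)

    # Scenario B: keyed tag; the hop alters the data but cannot forge the tag.
    tag = keyed_tag(wire)
    tampered_b, _ = intercept_and_modify(wire, None)
    keyed_detects = not receiver_keyed_check(tampered_b, tag)

    # Control: an unmodified message still verifies, so the check is not noisy.
    clean_passes = receiver_keyed_check(wire, tag)

    return {
        "inband_hash_detects": inband_detects,   # False: hash forged on the path
        "keyed_tag_detects": keyed_detects,      # True: tag mismatch flags tampering
        "clean_passes": clean_passes,            # True
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The result is the practical point behind the detection text: a hash computed over a file and sent through the same channel only catches accidental corruption, because the same tool that edits the data can re-hash it. The check value has to be something the on-path adversary cannot regenerate, either because it is keyed or because it reaches the receiver by a separate path, which is what manual or out-of-band integrity checking provides.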