
Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK Framework

Conference paper, published in: Digital Forensics and Cyber Crime (ICDF2C 2021)

Abstract

Network-based attacks and their mitigation are of increasing importance in our ever-connected world. Besides denial of service, a major goal of today's attackers is to gain access to the victim's data (e.g. for espionage or blackmailing purposes). Hence, the detection and prevention of data exfiltration is one of the major challenges for institutions connected to the Internet. The cyber security community provides different standards and best practices, at both coarse- and fine-grained levels, to handle this problem. In this paper we propose a conclusive process which links Cyber Threat Intelligence (CTI) and Information Security Management Systems (ISMS) in a dynamic manner to reduce the risk of unwanted data loss through data exfiltration. While both CTI and ISMS are widespread in modern cyber security strategies, most often they are implemented side by side, without interacting. Our process, however, is based on the hypothesis that the mitigation of data loss is improved if CTI and ISMS interact with and complement each other conclusively. Our concept makes use of the MITRE ATT&CK framework in order to enable (partial) automatic execution of our process chain and to run proactive simulations that measure the effectiveness of the implemented countermeasures and identify any security gaps that may exist.
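As an added illustration, not code from the paper, of the kind of CTI-to-ISMS linkage the abstract describes: ATT&CK is published as STIX 2 JSON, in which techniques are `attack-pattern` objects, mitigations are `course-of-action` objects and `mitigates` relationships tie them together, so a script can list every exfiltration technique, its catalogued mitigations and which of those the ISMS control set has not implemented. The bundle below is constructed for the example (the technique T1048.003 and the mitigation ids M1057/M1031 are real ATT&CK ids, TX000 is made up), and `implemented` is an assumed input that an ISMS would export.

```python
import json
from collections import defaultdict

# Constructed, minimal ATT&CK-style STIX 2.1 bundle (not MITRE's published data): the real
# technique id T1048.003, one made-up technique (TX000), two real mitigation ids and the
# "mitigates" relationships linking them. MITRE's bundles use the same object shapes.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--example", "objects": [
    {"type": "attack-pattern", "id": "attack-pattern--t1048-003",
     "name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol",
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "exfiltration"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1048.003"}]},
    {"type": "attack-pattern", "id": "attack-pattern--made-up",
     "name": "Made-up exfiltration technique with no catalogued mitigation",
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "exfiltration"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "TX000"}]},
    {"type": "course-of-action", "id": "course-of-action--m1057", "name": "Data Loss Prevention",
     "external_references": [{"source_name": "mitre-attack", "external_id": "M1057"}]},
    {"type": "course-of-action", "id": "course-of-action--m1031", "name": "Network Intrusion Prevention",
     "external_references": [{"source_name": "mitre-attack", "external_id": "M1031"}]},
    {"type": "relationship", "relationship_type": "mitigates",
     "source_ref": "course-of-action--m1057", "target_ref": "attack-pattern--t1048-003"},
    {"type": "relationship", "relationship_type": "mitigates",
     "source_ref": "course-of-action--m1031", "target_ref": "attack-pattern--t1048-003"}]})

def attack_id(obj):
    """ATT&CK external id (T1048.003, M1057, ...) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]

def exfiltration_gaps(bundle_json, implemented):
    """Map each ATT&CK exfiltration technique to its catalogued mitigations and flag what the
    ISMS control set ('implemented', a set of mitigation ids) leaves open; returns a dict."""
    objects = json.loads(bundle_json)["objects"]
    by_id = {o["id"]: o for o in objects if "id" in o}
    techniques = {o["id"]: attack_id(o) for o in objects if o["type"] == "attack-pattern"
                  and any(p["kill_chain_name"] == "mitre-attack" and p["phase_name"] == "exfiltration"
                          for p in o.get("kill_chain_phases", []))}
    catalogued = defaultdict(list)  # technique STIX id -> ATT&CK mitigation ids
    for o in objects:
        if (o["type"] == "relationship" and o["relationship_type"] == "mitigates"
                and o["target_ref"] in techniques):
            catalogued[o["target_ref"]].append(attack_id(by_id[o["source_ref"]]))
    report = {}
    for stix_id, tid in techniques.items():
        mits = sorted(catalogued.get(stix_id, []))
        report[tid] = {"mitigations": mits, "missing": [m for m in mits if m not in implemented],
                       "gap": not any(m in implemented for m in mits)}  # no implemented control
    return report
```

A technique whose `gap` flag is set has no implemented ATT&CK mitigation at all (TX000 above has none even in the catalogue), which is exactly the kind of finding the abstract's simulation step is meant to surface.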

Supported by Bundeswehr University Munich.



Author information

Corresponding author: Michael Mundt

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering


Cite this paper

Mundt, M., Baier, H. (2022). Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK Framework. In: Gladyshev, P., Goel, S., James, J., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 441. Springer, Cham. https://doi.org/10.1007/978-3-031-06365-7_9


  • DOI: https://doi.org/10.1007/978-3-031-06365-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06364-0

  • Online ISBN: 978-3-031-06365-7

  • eBook Packages: Computer Science (R0)
