CCC.Monitor.TH05: Data Exfiltration Through Tampered Metrics

Threat ID: CCC.Monitor.TH05
Title: Data Exfiltration Through Tampered Metrics
Description:

If a malicious actor is able to change the metrics being collected, this could be used to encrypt and/or compress sensitive data and bypass controls that prevent exfiltration. The data can then be staged in the monitoring system and exfiltrated in bulk at a later point in time.

External Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| MITRE-ATT&CK | T1560 | 0 | Archive Collected Data |
| MITRE-ATT&CK | T1074 | 0 | Data Staged |
| MITRE-ATT&CK | T1567 | 0 | Exfiltration Over Web Service |

Controls

| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.Monitor.C06 | Metrics pushed for authorised services only | Use IAM to control which types of metrics or traces can be pushed by different systems, to avoid a compromised system pushing fabricated metrics about a different service | Identity and Access Management | 1 | 2 | 1 |