
Encrypt Sensitive Information

Protect sensitive information with strong encryption.

ID: M1041
Version: 1.0
Created: 11 June 2019
Last Modified: 11 June 2019

Techniques Addressed by Mitigation

Domain ID Name Description
Enterprise T1527 Application Access Token

File encryption should be enforced across email communications containing sensitive information that may be obtained through access to email services.

Enterprise T1119 Automated Collection

Encryption and off-system storage of sensitive information may be one way to mitigate collection of files, but may not stop an adversary from acquiring the information if an intrusion persists over a long period of time and the adversary is able to discover and access the data through other means. Encrypted documents that rely on a password should use a strong one to prevent offline cracking through Brute Force techniques.

Enterprise T1530 Data from Cloud Storage Object

Encrypt data stored at rest in cloud storage. Managed encryption keys can be rotated by most providers. At a minimum, ensure that the incident response plan for a storage breach includes rotating the keys, and test the impact of rotation on client applications.[2][3]

Enterprise T1114 Email Collection

Use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.

Enterprise T1070 Indicator Removal on Host

Obfuscate/encrypt event files locally and in transit to avoid giving feedback to an adversary.

Enterprise T1208 Kerberoasting

Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible.[1]

Enterprise T1040 Network Sniffing

Ensure that all wired and/or wireless traffic is encrypted appropriately. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS.

Enterprise T1145 Private Keys

When possible, store keys on separate cryptographic hardware instead of on the local system.

Enterprise T1492 Stored Data Manipulation

Consider encrypting important information to reduce an adversary's ability to perform tailored data modifications.

Enterprise T1493 Transmitted Data Manipulation

Encrypt all important data flows to reduce the impact of tailored modifications on data in transit.
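
For the Kerberoasting entry above, an added example (not part of the original page) of auditing which service accounts still allow RC4: it reads an LDIF-style export of the `msDS-SupportedEncryptionTypes` attribute and lists accounts with a service principal name that are not restricted to AES. The export, account names and host names are constructed, and the simplified parser assumes no `dn` lines, folded lines or base64 values.

```python
# Encryption-type bits of the AD attribute msDS-SupportedEncryptionTypes.
ETYPES = {0x01: "DES-CBC-CRC", 0x02: "DES-CBC-MD5", 0x04: "RC4-HMAC",
          0x08: "AES128-CTS-HMAC-SHA1-96", 0x10: "AES256-CTS-HMAC-SHA1-96"}
WEAK = 0x01 | 0x02 | 0x04

# Constructed sample export: one blank-line-separated record per account.
SAMPLE_LDIF = """\
sAMAccountName: svc-sql
servicePrincipalName: MSSQLSvc/db01.example.test:1433
msDS-SupportedEncryptionTypes: 4

sAMAccountName: svc-web
servicePrincipalName: HTTP/web01.example.test
msDS-SupportedEncryptionTypes: 24

sAMAccountName: svc-backup
servicePrincipalName: backup/bk01.example.test

sAMAccountName: alice
msDS-SupportedEncryptionTypes: 4
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per blank-line-separated entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for key, _, value in (ln.partition(": ") for ln in block.splitlines()):
            entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def classify(mask):
    """Map an encryption-type bitmask to an audit status."""
    if mask & WEAK:
        return "weak-allowed"   # RC4 or DES is still enabled for the account
    return "aes-only" if mask & 0x18 else "unset"  # unset: KDC default applies

def audit(text):
    """List SPN-bearing accounts whose tickets are not restricted to AES."""
    findings = []
    for e in parse_ldif(text):
        if "servicePrincipalName" not in e:
            continue            # no SPN: out of scope for this check
        mask = int(e.get("msDS-SupportedEncryptionTypes", ["0"])[0])
        if classify(mask) != "aes-only":
            enabled = [name for bit, name in ETYPES.items() if mask & bit]
            findings.append((e["sAMAccountName"][0], classify(mask), enabled))
    return findings
```

Accounts reported as `unset` have no explicit value, so the encryption types they get depend on the domain's default and need to be reviewed separately.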