Network-based hiding techniques

Technical network hiding techniques are methods of modifying traffic to evade network signature detection or to utilize misattribution techniques. Examples include channel/IP/VLAN hopping, mimicking legitimate operations, or seeding with misinformation. [1]

ID: T1315

Tactic: Adversary Opsec

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Unless defender is dissecting protocols or performing network signature analysis on any protocol deviations/patterns, this technique is largely undetected.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Some of the hiding techniques require special accesses (network, proximity, physical, etc.) and/or may rely on knowledge of how the defender operates and/or awareness on what visibility the defender has and how it is obtained

References

  1. FireEye. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved March 6, 2017.