Common, high volume protocols and software
Certain types of traffic (e.g., Twitter14, HTTP) are more commonly used than others. Utilizing more common protocols and software may make an adversary's traffic more difficult to distinguish from legitimate traffic. 
Tactic: Adversary Opsec
DetectionDetectable by Common Defenses (Yes/No/Partial): No
Explanation: High level of entropy in communications. High volume of communications makes it extremely hard for a defender to distinguish between legitimate and adversary communications.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to decipher or to make the communication less conspicuous.
- Eric Chien and Gavin O’Gorman. (n.d.). The Nitro Attacks: Stealing Secrets from the Chemical Industry. Retrieved March 1, 2017.