Adversaries may insert, delete, or alter data in order to manipulate external outcomes or hide activity. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
The type of modification and the impact it will have depends on the target application, process, and the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system, typically gained through a prolonged information gathering campaign, in order to have the desired impact.
| ID | Mitigation | Description |
|---|---|---|
| M1006 | Use Recent OS Version |
Recent OS versions have limited access to certain APIs unless certain conditions are met, making Data Manipulation more difficult |
| ID | Data Source | Data Component | Detects |
|---|---|---|---|
| DS0041 | Application Vetting | API Calls |
Application vetting services could look for use of standard APIs (e.g. the clipboard API) that could indicate data manipulation is occurring. |