M1060 Out-of-Band Communications Channel
Establish secure out-of-band communication channels to ensure the continuity of critical communications during security incidents, data integrity attacks, or in-network communication failures. Out-of-band communication refers to using an alternative, separate communication path that is not dependent on the potentially compromised primary network infrastructure. This method can include secure messaging apps, encrypted phone lines, satellite communications, or dedicated emergency communication systems. Leveraging these alternative channels reduces the risk of adversaries intercepting, disrupting, or tampering with sensitive communications and helps coordinate an effective incident response.[2][1]

| Item | Value |
|---|---|
| ID | M1060 |
| Version | 1.0 |
| Created | 30 August 2024 |
| Last Modified | 12 October 2024 |

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1213 | Data from Information Repositories | Create plans for leveraging a secure out-of-band communications channel, rather than existing in-network chat applications, in case of a security incident.[2] |
| enterprise | T1213.005 | Messaging Applications | Implement secure out-of-band communication channels to use as an alternative to in-network chat applications during a security incident. This ensures that critical communications remain secure even if primary messaging channels are compromised by adversaries.[2] |
| enterprise | T1114 | Email Collection | Use secure out-of-band authentication methods to verify the authenticity of critical actions initiated via email, such as password resets, financial transactions, or access requests. For highly sensitive information, utilize out-of-band communication channels instead of relying solely on email to prevent adversaries from collecting data through compromised email accounts.[2] |
| enterprise | T1114.001 | Local Email Collection | Implement secure out-of-band alerts to notify security teams of unusual local email activities, such as mass forwarding or large attachments being sent, indicating potential data exfiltration attempts.[2] |
| enterprise | T1114.002 | Remote Email Collection | Use secure out-of-band authentication methods to verify the authenticity of critical actions initiated via email, such as password resets, financial transactions, or access requests. |
| enterprise | T1114.003 | Email Forwarding Rule | Use secure out-of-band authentication methods to verify the authenticity of critical actions initiated via email, such as password resets, financial transactions, or access requests. |
| enterprise | T1489 | Service Stop | Develop and enforce security policies that include the use of out-of-band communication channels for critical communications during a security incident.[2] |

References

1. National Institute of Standards and Technology. (2020, September). Security and Privacy Controls for Information Systems and Organizations. Retrieved August 30, 2024.
2. Tyler Hudak. (2022, December 29). To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response. Retrieved August 30, 2024.