Skip to content

T1600 Weaken Encryption

Adversaries may compromise a network device’s encryption capability in order to bypass encryption that would otherwise protect data communications. 1

Encryption can be used to protect transmitted network traffic to maintain its confidentiality (protect against unauthorized disclosure) and integrity (protect against unauthorized changes). Encryption ciphers are used to convert a plaintext message to ciphertext and can be computationally intensive to decipher without the associated decryption key. Typically, longer keys increase the cost of cryptanalysis, or decryption without the key.

Adversaries can compromise and manipulate devices that perform encryption of network traffic. For example, through behaviors such as Modify System Image, Reduce Key Space, and Disable Crypto Hardware, an adversary can negatively effect and/or eliminate a device’s ability to securely encrypt network traffic. This poses a greater risk of unauthorized disclosure and may help facilitate data manipulation, Credential Access, or Collection efforts. 2

Item Value
ID T1600
Sub-techniques T1600.001, T1600.002
Tactics TA0005
Platforms Network
Permissions required Administrator
Version 1.0
Created 19 October 2020
Last Modified 21 October 2020

Detection

ID Data Source Data Component
DS0022 File File Modification

References

  1. Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. Retrieved October 19, 2020. 

  2. Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020.