Bypass of outbound traffic control is an exfiltration technique in which threat actors evade the security controls that cloud service providers implement to prevent unauthorized exfiltration of data from their networks.
Threat actors can use various tactics to get past these outbound traffic controls and move data out of the cloud network.
For example, they may send the data over encrypted channels such as VPNs or SSL/TLS so that the content is hidden from traffic control measures and harder to detect.
Another tactic is to blend the stolen data into legitimate traffic, making it harder to distinguish from normal activity.
For example, an attacker may route data through legitimate services such as webhooks, code repositories, or cloud storage that outbound traffic controls already permit.
They may also use steganography to conceal their data within seemingly innocuous files or images.
ID: T0145
Type: Technique
Tactic: Exfiltration
Summary: Bypass of outbound traffic control
State: Draft
Mitigations

ID: M1250
Type: Mitigation
Summary: Enable data encryption in transit
Description: Data encryption in transit is a critical security control in cloud computing that involves encrypting data as it moves between two points over a network or the internet. This is important to prevent data breaches, protect sensitive data, and comply with data privacy regulations. To implement it, cloud service providers use encryption protocols such as Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Internet Protocol Security (IPsec). These protocols use encryption keys and digital certificates to establish a secure communication channel between the sender and receiver, so that the data is scrambled and unreadable to anyone without the proper decryption key. Organizations should ensure that encryption is properly implemented and verified; check your cloud provider documentation for details on how to enable data encryption in transit.

ID: M1450
Type: Mitigation
Summary: Implement zero trust
Description: Implementing a zero-trust security model can help organizations mitigate the risk of data exfiltration by ensuring that all traffic leaving the network is authenticated, authorized, and encrypted. This model involves a layered approach to security that requires users and devices to be verified before accessing any resources.

ID: M1451
Type: Mitigation
Summary: Use network segmentation
Description: Network segmentation divides a network into smaller segments or subnets to limit the spread of an attack if one occurs. By segmenting the network and restricting communication between segments, organizations can minimize the impact of data exfiltration.
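M1250 asks that encryption in transit be "properly implemented and verified". An encrypted channel whose certificate validation has been switched off still looks like TLS on the wire but gives no assurance about who is on the other end, which is exactly the gap this mitigation is meant to close. The following Python snippet is an added example, not code from the matrix entry or from any provider: it builds a hardened client TLS context beside a constructed weak one and runs a small audit that reports the settings a reviewer would reject. The function names and the finding strings are this example's own.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """TLS client settings that actually deliver encryption in transit:
    certificate chain checked against the system trust store, hostname
    matched against the certificate, nothing older than TLS 1.2 negotiated."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Constructed weak configuration for the audit to catch. The channel is
    still encrypted, but with certificate validation off any on-path party can
    present its own certificate and read the plaintext, so the control is
    not effective."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the weaknesses found in a client context; an empty list means it passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    # minimum_version is an IntEnum; MINIMUM_SUPPORTED (-2) also compares below TLS 1.2
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 accepted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("legacy", legacy_client_context())):
        print(name, audit_tls_context(ctx) or ["ok"])
```

The same three checks apply to whatever TLS client library a workload uses; the point is that "TLS enabled" is not the control, "TLS with verified peer identity and a current protocol floor" is.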
Detections

ID: D1510
Type: Detection
Summary: Implement Intrusion Detection System and anti-malware
Description: An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network. Implementing IDS and anti-malware software can help to identify and block malicious activity. IDS is a critical security tool that helps organizations detect and respond to security incidents in a timely manner. By providing real-time monitoring and analysis of network traffic, IDS can help organizations stay ahead of potential threats and reduce the risk of a security breach.
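The technique description (encrypted channels and traffic blended into permitted services) and detection D1510 both reduce to one question about each outbound flow: is this workload allowed to reach that destination at all, and if so, is the volume plausible? The following Python script is an added example, not part of the matrix entry: it expresses the segmentation and zero-trust mitigations as a default-deny egress rule set, applies it to constructed flow records, and raises two kinds of alert: flows to destinations the source segment may not reach (an encrypted tunnel to an unapproved endpoint is caught here regardless of its content), and permitted flows whose cumulative outbound bytes exceed a threshold (the "blend into a legitimate storage service" case). The segment ranges, rules, threshold, record format and sample log lines are all constructed for the example; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for a provider's storage endpoint and an unknown external host.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed network segments (not from the page): internal tiers of one tenant.
SEGMENTS = {
    "app": ipaddress.ip_network("10.0.1.0/24"),
    "db": ipaddress.ip_network("10.0.2.0/24"),
}

# Default-deny egress policy: (source segment, destination network, destination port).
# Anything not listed is a violation, which is what "restricting communication
# between segments" and "all traffic leaving the network is authorized" mean in practice.
EGRESS_RULES = [
    ("app", ipaddress.ip_network("10.0.2.0/24"), 5432),    # app tier may reach the database
    ("app", ipaddress.ip_network("203.0.113.0/24"), 443),  # app tier may upload to the storage endpoint
]

# Cumulative outbound bytes per (source, destination) above which an allowed flow is still flagged.
VOLUME_THRESHOLD = 50_000_000


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    bytes_out: int


def segment_of(ip: str) -> Optional[str]:
    """Name of the segment an address belongs to, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def egress_allowed(flow: Flow) -> bool:
    """True only if some rule matches source segment, destination network and port."""
    src_seg = segment_of(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    return any(
        src_seg == seg and dst in net and flow.dst_port == port
        for seg, net, port in EGRESS_RULES
    )


def parse_flow_log(lines: List[str]) -> Tuple[List[Flow], int]:
    """Parse constructed 'src dst dst_port bytes_out' records.
    Malformed lines are skipped and counted so a parsing gap is visible, not silent."""
    flows, skipped = [], 0
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            skipped += 1
            continue
        try:
            flows.append(Flow(parts[0], parts[1], int(parts[2]), int(parts[3])))
        except ValueError:
            skipped += 1
    return flows, skipped


def analyze(flows: List[Flow]) -> List[tuple]:
    """Policy violations first (in log order), then volume anomalies on permitted flows."""
    alerts = []
    volume = defaultdict(int)
    for f in flows:
        if not egress_allowed(f):
            alerts.append(("egress_denied", f.src, f.dst, f.dst_port))
            continue
        volume[(f.src, f.dst)] += f.bytes_out
    for (src, dst), total in volume.items():
        if total > VOLUME_THRESHOLD:
            alerts.append(("volume_anomaly", src, dst, total))
    return alerts


# Constructed sample log: one normal DB query, two large uploads to the permitted
# storage endpoint that together exceed the threshold, a DB host talking to storage,
# an app host reaching an unknown external address on 443 and on 1194, and one bad line.
SAMPLE_LOG = [
    "10.0.1.15 10.0.2.20 5432 120000",
    "10.0.1.15 203.0.113.40 443 30000000",
    "10.0.1.15 203.0.113.40 443 45000000",
    "10.0.2.20 203.0.113.40 443 8000",
    "10.0.1.22 198.51.100.7 443 4096",
    "10.0.1.22 198.51.100.7 1194 900",
    "malformed record",
]


if __name__ == "__main__":
    parsed, bad = parse_flow_log(SAMPLE_LOG)
    for alert in analyze(parsed):
        print(alert)
    print(f"skipped {bad} malformed line(s)")
```

The policy side is deliberately tiny; in a real deployment the rules are the provider's egress firewall or network policy and the records are VPC flow logs with more fields. What carries over is the shape of the detection: an encrypted flow cannot be inspected, but its destination and volume are still visible, and a default-deny allowlist plus a volume baseline turns both into alerts.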