Some cyberattack campaigns will never reach this stage. If the goal of an attack is gaining access to sensitive and valuable data, the data exfiltration techniques discussed in the previous chapter can allow the attacker to achieve their objective.
However, some attacks are intended to cause damage to the target environment in some way. This is the focus of MITRE ATT&CK's Impact tactic, which is shown in Figure 13.1.
An attacker can achieve Impact in a variety of different ways. This chapter explores the Data Encrypted for Impact and Account Access Removal techniques.
Data Encrypted for Impact
Modern encryption algorithms are designed to be resistant to all known and currently feasible attacks. Encrypted data cannot be read by anyone who lacks access to the appropriate decryption key.
While this is good for data privacy, it can also be good for attackers attempting to cause damage to a target. Encrypted data can be read only by someone with the right decryption key. If a user's data is encrypted by an attacker using a key known only to the attacker, then the user can no longer access their own data without a backup.
Encrypting Data for Impact
Malware uses data encryption for impact in a couple of different ways. The main difference between them is how they handle decryption keys:
Ransomware: Ransomware is designed ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
