Common Information
| Type | Value |
|---|---|
| Value |
Weaken Encryption - T1600 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may compromise a network device’s encryption capability in order to bypass encryption that would otherwise protect data communications. (Citation: Cisco Synful Knock Evolution) Encryption can be used to protect transmitted network traffic to maintain its confidentiality (protect against unauthorized disclosure) and integrity (protect against unauthorized changes). Encryption ciphers are used to convert a plaintext message to ciphertext and can be computationally intensive to decipher without the associated decryption key. Typically, longer keys increase the cost of cryptanalysis, or decryption without the key. Adversaries can compromise and manipulate devices that perform encryption of network traffic. For example, through behaviors such as [Modify System Image](https://attack.mitre.org/techniques/T1601), [Reduce Key Space](https://attack.mitre.org/techniques/T1600/001), and [Disable Crypto Hardware](https://attack.mitre.org/techniques/T1600/002), an adversary can negatively effect and/or eliminate a device’s ability to securely encrypt network traffic. This poses a greater risk of unauthorized disclosure and may help facilitate data manipulation, Credential Access, or Collection efforts. (Citation: Cisco Blog Legacy Device Attacks) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2023-07-25 | 0 | Tuesday Morning Threat Report: Jul 25, 2023 | ||
| Details | Website | 2023-07-22 | 0 | Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands | ||
| Details | Website | 2023-07-21 | 0 | Apple: Proposed UK law is a ‘serious, direct threat’ to security, privacy | ||
| Details | Website | 2023-06-08 | 0 | EU Member States Still Cannot Agree About End-to-End Encryption | ||
| Details | Website | 2023-05-03 | 0 | Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | ||
| Details | Website | 2023-03-30 | 0 | UK Introduces Mass Surveillance With Online Safety Bill | ||
| Details | Website | 2023-03-20 | 0 | A week in security (March 13 - 19) | ||
| Details | Website | 2023-03-09 | 0 | WhatsApp and Signal unite against online safety bill amid privacy concerns | ||
| Details | Website | 2022-12-12 | 2 | EU to Oppose the "Five Eyes" Weakening of Encrypted Communication | ||
| Details | Website | 2022-11-29 | 1 | Cyber predictions | Professional Security | ||
| Details | Website | 2021-08-06 | 0 | Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy | ||
| Details | Website | 2021-04-21 | 36 | Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03) | ||
| Details | Website | 2021-04-20 | 102 | Authentication Bypass Techniques and Pulse Secure Zero-Day | ||
| Details | Website | 2020-10-20 | 0 | Attackers Continue to Target Legacy Devices | ||
| Details | Website | 2018-12-20 | 0 | Encryption, Ghosts, Backdoors, Interception, and Information Security | ||
| Details | Website | 2017-06-15 | 0 | Rapid7 issues comments on NAFTA renegotiation | Rapid7 Blog | ||
| Details | Website | 2015-11-16 | 0 | Apple’s Tim Cook: There’ll be no backdoor in encryption | WeLiveSecurity | ||
| Details | Website | 2013-09-06 | 0 | On the NSA |