Reduce Key Space (T1600.001)

Tactics: defense-impairment
Platforms: Network Devices
Reference: attack.mitre.org/techniques/T1600.001

Description

Adversaries may reduce the level of effort required to decrypt data transmitted over the network by reducing the cipher strength of encrypted communications. (Citation: Cisco Synful Knock Evolution)

Adversaries can weaken the encryption software on a compromised network device by reducing the key size used by the software to convert plaintext to ciphertext (e.g., from hundreds or thousands of bytes to just a couple of bytes). As a result, adversaries dramatically reduce the amount of effort needed to decrypt the protected information without the key.

Adversaries may modify the key size and other encryption parameters by using specialized commands in a Network Device CLI. These commands are introduced to the system through Modify System Image and change the configuration of the device. (Citation: Cisco Blog Legacy Device Attacks)
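One way to catch the configuration change described above is to diff a device's current cryptographic parameters against a trusted baseline. The following is an added example, not code from MITRE or GTK Cyber; the snapshot format, device and profile names, and the `MIN_KEY_BITS` policy floor are constructed assumptions, and the check only sees changes that appear in the collected parameters.

```python
# Added example: flag key-size reductions between two crypto-parameter snapshots.
# Snapshot format, names and MIN_KEY_BITS are constructed assumptions, not vendor output.
MIN_KEY_BITS = {"aes": 128, "rsa": 2048}  # assumed policy floor per algorithm

BASELINE = """\
edge-rtr-01 vpn-hq    alg=aes key_bits=256
edge-rtr-01 mgmt-ssh  alg=rsa key_bits=2048
core-sw-02  vpn-dc    alg=aes key_bits=128
"""

CURRENT = """\
edge-rtr-01 vpn-hq    alg=aes key_bits=16
edge-rtr-01 mgmt-ssh  alg=rsa key_bits=2048
core-sw-02  vpn-dc    alg=aes key_bits=128
"""

def parse_snapshot(text):
    """Return {(device, profile): {"alg": str, "key_bits": int}}."""
    params = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip blank, short and comment lines
        kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        params[(fields[0], fields[1])] = {
            "alg": kv.get("alg", "").lower(),
            "key_bits": int(kv.get("key_bits", 0)),
        }
    return params

def find_key_space_reductions(baseline_text, current_text, floors=MIN_KEY_BITS):
    """Compare snapshots; return (key, finding, expected, observed) tuples."""
    baseline, current = parse_snapshot(baseline_text), parse_snapshot(current_text)
    findings = []
    for key, now in sorted(current.items()):
        before = baseline.get(key)
        if before is None:
            findings.append((key, "NOT_IN_BASELINE", None, now["key_bits"]))
            continue
        if now["alg"] != before["alg"]:
            findings.append((key, "ALGORITHM_CHANGED", before["alg"], now["alg"]))
        if now["key_bits"] < before["key_bits"]:
            findings.append((key, "KEY_SIZE_REDUCED", before["key_bits"], now["key_bits"]))
        if now["key_bits"] < floors.get(now["alg"], 0):
            findings.append((key, "BELOW_POLICY_FLOOR", floors[now["alg"]], now["key_bits"]))
    for key in sorted(set(baseline) - set(current)):
        findings.append((key, "MISSING_FROM_CURRENT", baseline[key]["key_bits"], None))
    return findings
```

A profile that disappears from the current snapshot is reported as well, since a removed entry can hide a downgrade as effectively as a changed one.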

How GTK Cyber trains on this

GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the defense-impairment tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
