Description
Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an adversary may opt to exfiltrate data using a Bluetooth communication channel. Adversaries may choose to do this if they have sufficient access and proximity. Bluetooth connections might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network.
Threat-Mapped Scoring
Threat Score:
0.0
Industry:
Threat Priority:
Unclassified
ATT&CK Kill Chain Metadata
- Tactics: exfiltration
- Platforms: Linux, macOS, Windows
-
Detection Guidance:
Monitor for processes utilizing the network that do not normally have network communication or have never been seen before. Processes that normally require user-driven events to access the network (for example, a web browser opening with a mouse click or key press) but access the network without such may be malicious. Monitor for and investigate changes to host adapter settings, such as addition and/or replication of communication interfaces.