Deception (or Misdirection)

Measures designed to mislead an adversary by manipulating, distorting, or falsifying evidence or information fed into a system, in order to induce the adversary to react in a manner prejudicial to their interests. Threat actors may seek to deceive mission stakeholders (or even military decision makers) for a multitude of reasons. Telemetry values could be modified, attacks could be designed to intentionally mimic another threat actor's TTPs, and even allied ground infrastructure could be compromised and used as the source of communications to the spacecraft.

ID: IMP-0001
Sub-techniques: 
Related MITRE ATT&CK TTPs: 
Tactic:
Created: 2022/10/19
Last Modified: 2022/12/08

Countermeasures

| ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 |
| --- | --- | --- | --- | --- | --- |
| CM0000 | Countermeasure Not Identified | This technique is a result of utilizing TTPs to create an impact and the applicable countermeasures are associated with the TTPs leveraged to achieve the impact | None | | |

Related CWE Classes

Priority 1 Priority 2 Priority 3 Priority 4
CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-228: Improper Handling of Syntactically Invalid Structure CWE-1023: Incomplete Comparison with Missing Factors CWE-114: Process Control
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-311: Missing Encryption of Sensitive Data CWE-200: Exposure of Sensitive Information CWE-514: Covert Channel
CWE-1263: Insufficient Physical Security CWE-345: Insufficient Verification of Data Authenticity CWE-269: Improper Privilege Management CWE-642: External Control of Critical State Data
CWE-1384: Insecure Default Variable Initialization CWE-404: Improper Resource Shutdown or Release CWE-400: Uncontrolled Resource Consumption CWE-653: Insufficient Separation of Duties
CWE-1390: Weak Authentication CWE-684: Incorrect Provision of Sensitive Information CWE-657: Violation of Secure Design Principles CWE-668: Exposure of Resource to Wrong Sphere
CWE-1391: Improperly Implemented Security Check for Standard CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-666: Operation on Resource in Wrong Phase of Lifetime CWE-669: Incorrect Resource Transfer Between Spheres
CWE-172: Encoding Error CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-671: Lack of Accounting for Security Implications in Design CWE-913: Improper Control of Dynamically-Managed Code Resources
CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions CWE-922: Insecure Storage of Sensitive Information
CWE-285: Improper Authorization CWE-863: Incorrect Authorization
CWE-287: Improper Authentication CWE-912: Hidden Functionality
CWE-300: Channel Accessible by Non-Endpoint CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
CWE-326: Inadequate Encryption Strength
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-330: Use of Insufficiently Random Values
CWE-346: Origin Validation Error
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-522: Insufficiently Protected Credentials
CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CWE-662: Incorrect Synchronization
CWE-665: Improper Initialization
CWE-667: Improper Locking
CWE-696: Incorrect Behavior Order
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Indicators of Behavior

ID Name Description STIX Pattern