Eliminating MITRE Attacks with Confidential Computing - T1036: Masquerading

Published on Jul 15, 2022
How do I protect against MITRE Attacks T1036 - Masquerading? You use Anjuna and Confidential Computing to eliminate this attack technique through hardware isolation.

In a recently published white paper, Anjuna Security analyzed the complete MITRE attack matrix and found 77 MITRE attacks that Confidential Computing can instantly eliminate. In this series of blogs, we will cover in detail the top five critical attacks and address how Confidential Computing implemented using Anjuna software can abolish these attacks forever!

MITRE Attack T1036: Masquerading

The third MITRE attack we cover in this series is T1036: Masquerading. In this attack, an unauthorized user gains access to a system by illegitimately posing as an authorized entity and then performs a malicious act – also referred to as the “wolf in sheep’s clothing” technique. To attain “authorized access”, the adversary may manipulate features or their artifacts so that they appear legitimate or benign to admins and/or security tools, in order to avoid detection and evade defensive measures. Examples include manipulating file metadata, tricking users into misidentifying the file type, and giving tasks or services legitimate-looking names. Once the bad actor has attained “authorized access”, they have full access to the system and can steal confidential data across the board. A few notable examples include the AppleSeed backdoor, TrickBot, and the Ramsay malware.
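As an added illustration of the indicators just listed (this is not code from the Anjuna post), the following Python check flags the file and process masquerading signs a defender would triage: a hidden real extension, a double extension, executable content behind a document extension, and a system binary name running from outside its expected directory. The magic bytes, expected directories and sample records are constructed assumptions.

```python
# Added example, not from the original post. Inputs are constructed records.

# Constructed: magic bytes for a few common formats.
MAGIC = {
    b"MZ": "exe",          # Windows PE executable
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"PK\x03\x04": "zip",
}
RTLO = "\u202e"  # right-to-left override: hides the real extension in a name

# Constructed: where commonly impersonated Windows binaries normally live.
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}

def sniff_type(header: bytes):
    """Identify a file by its leading bytes rather than by its extension."""
    for magic, kind in MAGIC.items():
        if header.startswith(magic):
            return kind
    return None

def masquerade_indicators(name: str, path: str, header: bytes) -> list:
    """Return the masquerading indicators found for one file record."""
    hits = []
    if RTLO in name:
        hits.append("rtlo-in-name")
    lname = name.lower()
    parts = lname.split(".")
    # "invoice.pdf.exe": a document extension immediately before the real one.
    if len(parts) > 2 and parts[-2] in {"pdf", "txt", "doc", "jpg"}:
        hits.append("double-extension")
    ext = parts[-1] if len(parts) > 1 else ""
    # Metadata says "document", content says "executable".
    if sniff_type(header) == "exe" and ext != "exe":
        hits.append(f"exe-content-with-{ext or 'no'}-extension")
    # A legitimate service name, but not from the directory it belongs in.
    expected = EXPECTED_DIRS.get(lname)
    if expected and not path.lower().startswith(expected):
        hits.append("system-name-outside-system-dir")
    return hits

def scan(records):
    """records: iterable of (name, path, header); returns only the flagged ones."""
    return {n: h for n, p, hdr in records if (h := masquerade_indicators(n, p, hdr))}
```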

How to protect against T1036 - Masquerading

Anjuna Confidential Computing software isolates the application and its sensitive data from the operating system (OS), barring any entity with privileged access to the OS from reaching your application.

How is this possible? The rollout of Confidential Computing technology by all major cloud providers, such as Microsoft Azure and AWS, now provides the ability to work within a hardware-secured environment commonly known as a secure enclave. These secure enclaves are fully isolated, hardened, and highly constrained virtual machines that have no persistent storage, no interactive access, and no external networking. Communication between your instance and your enclave is done over a secure local channel. Even a root user or an admin on the instance cannot access the enclave or use the Secure Shell Protocol (SSH) to gain access to it, which provides an isolated and secure area for your sensitive applications.

Learn more about other attacks!

If you missed our previous blog that dives into detail about how Anjuna provides a solution against MITRE attack T1554: Compromise Client Software Binary, you can access that below.

Anjuna Protects Against T1554: Compromise Client Software Binary

To learn more about the other 76 attacks that we protect against and how you can instantly adopt default protection across your entire environment, take a look at our MITRE white paper below!

Eliminate 77 MITRE Attacks With Anjuna

The next blog in our five-part series will focus on MITRE attack T1203: Exploitation for Client Execution. So be sure to stay tuned!
