ITM is an open framework - Submit your contributions now.

Preventions

No Ready System-Level Mitigation

Restrict Access to Administrative Privileges

Enforce an Acceptable Use Policy

Enforce a Social Media Policy

Install an Anti-Virus Solution

Install a Web Proxy Solution

Restrict Access to Registry Editor

Enforce File Permissions

Prohibition of Devices On-site

Physical Access Controls

End-User Security Awareness Training

Pre-Employment Background Checks

Disable Printing, Windows

Application Whitelisting

Enforce a Data Classification Policy

Prohibit Email Auto-Forwarding to External Domains, Exchange

Network Intrusion Prevention Systems

Data Loss Prevention Solution

DNS Filtering

Internal Whistleblowing

Access Reviews

Employee Off-boarding Process

Full Disk Encryption

Restrict Mobile Clipboard via Intune App Protection Policies

Financial Approval Process

Corporate Card Spending Limits

Enterprise-Managed Web Browsers

Bootloader Password

Next-Generation Firewalls

Native Anti-Tampering Protections

Protocol Allow Listing

Restrict Disc Media Mounting, Group Policy

Restrict Floppy Drive Mounting, Group Policy

Restrict Removable Disk Mounting, Group Policy

Insider Threat Awareness Training

Employee Mental Health & Support Program

Network Access Control (NAC)

Mobile Device Management (MDM)

Employee Vulnerability Support Program

Restrict Windows System Time Modification

Windows Time Service Synchronization

Exchange Restrict Outbound Emails via Recipient Domain

Regulation Awareness Training

Implement MIP Sensitivity Labels

Privileged Access Management (PAM)

ID: PV017
Created: 01st June 2024
Updated: 01st June 2024
Contributor: The ITM Team

Prohibit Email Auto-Forwarding to External Domains, Exchange

Various methods can be used within Exchange to prevent internal emails being auto-forwarded to remote domains. This can prevent exfiltration via email auto-forwarding rules.

Sections

ID	Name	Description
IF010	Exfiltration via Email	A subject uses electronic mail to exfiltrate data.
IF010.001	Exfiltration via Corporate Email	A subject exfiltrates information using their corporate-issued mailbox, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system.
IF010.002	Exfiltration via Personal Email	A subject exfiltrates information using a mailbox they own or have access to, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system.
PR015.003	Email Forwarding Rule	The subject creates an email forwarding rule to transport any incoming emails from one mailbox to another.
IF023.003	Anti-Trust or Anti-Competition	Anti-trust or anti-competition violations occur when a subject engages in practices that unfairly restrict or distort market competition, violating laws designed to protect free market competition. These violations can involve a range of prohibited actions, such as price-fixing, market division, bid-rigging, or the abuse of dominant market position. Such behavior typically aims to reduce competition, manipulate pricing, or create unfair advantages for certain businesses or individuals. Anti-competition violations may involve insiders leveraging their position to engage in anti-competitive practices, often for personal or corporate gain. These violations can result in significant legal and financial penalties, including fines and sanctions, as well as severe reputational damage to the organization involved. Examples of Anti-Trust or Anti-Competition Violations: A subject shares sensitive pricing or bidding information between competing companies, enabling coordinated pricing or market manipulation. An insider with knowledge of a merger or acquisition shares details with competitors, leading to coordinated actions that suppress competition. An employee uses confidential market data to form agreements with competitors on market control, stifling competition and violating anti-trust laws. Regulatory Framework: Anti-trust or anti-competition laws are enforced globally by various regulatory bodies. In the United States, the Federal Trade Commission (FTC) and the Department of Justice (DOJ) regulate anti-competitive behavior under the Sherman Act, the Clayton Act, and the Federal Trade Commission Act. In the European Union, the European Commission enforces anti-trust laws under the Treaty on the Functioning of the European Union (TFEU) and the Competition Act.

References