Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. Tunneling involves explicitly encapsulating a protocol within another.
This behavior may conceal malicious traffic by blending in with existing traffic and/or provide an outer layer of encryption [1].
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
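Because prevention is difficult, detection carries most of the weight. The following added example (not part of the original page) shows one detective check for the encapsulation described above: strip the outer protocol's framing and test whether the carried bytes start with another protocol's signature. The function names, the signature list and the sample messages are assumptions constructed for illustration.

```python
import re

# Leading-byte signatures of protocols often seen as the inner (carried) layer.
SIGNATURES = [
    ("ssh", re.compile(rb"SSH-\d\.\d+-")),
    # TLS handshake record (0x16), version 3.x, 2 length bytes, ClientHello (0x01)
    ("tls", re.compile(rb"\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
    ("http", re.compile(rb"(GET|POST|PUT|HEAD|CONNECT) \S+ HTTP/1\.[01]\r\n")),
]

def identify(data):
    """Name the protocol whose signature starts `data`, or None."""
    for name, pattern in SIGNATURES:
        if pattern.match(data):
            return name
    return None

def carried_bytes(outer, message):
    """Strip the outer protocol's framing and return what it carries."""
    if outer == "http":
        _, sep, body = message.partition(b"\r\n\r\n")
        return body if sep else b""
    if outer == "icmp":
        return message[8:]  # echo header: type, code, checksum, id, seq
    return message

def find_tunnels(flows):
    """Return (index, outer, inner) for each message carrying another protocol."""
    hits = []
    for i, (outer, message) in enumerate(flows):
        inner = identify(carried_bytes(outer, message))
        if inner and inner != outer:
            hits.append((i, outer, inner))
    return hits

# Constructed sample messages (not captured traffic).
ICMP_ECHO = b"\x08\x00\x00\x00\x00\x01\x00\x01"
SAMPLE_FLOWS = [
    ("http", b"POST /api HTTP/1.1\r\nHost: app.example\r\n\r\n{\"ok\": true}"),
    ("http", b"POST /up HTTP/1.1\r\nHost: app.example\r\n\r\nSSH-2.0-OpenSSH_9.6\r\n"),
    ("icmp", ICMP_ECHO + b"abcdefghijklmnopqrstuvwabcdefghi"),
    ("icmp", ICMP_ECHO + b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"),
]

if __name__ == "__main__":
    for index, outer, inner in find_tunnels(SAMPLE_FLOWS):
        print(f"flow {index}: {inner} carried inside {outer}")
```

Where the outer layer is encrypted, as the text notes it can be, the carried bytes are not visible to this check unless the traffic is decrypted at an inspection point.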