Data exfiltration techniques: how attackers steal your sensitive data

Rob Murawski CERT Coordination Center

Data exfiltration, or the unauthorized transmission of data from a system, is a large problem affecting many organizations. After a system is compromised by malicious code, the removal of the malware is only one step in mitigating the threat - confidential data may already have been stolen from the infected system. Depending on the data that has been exfiltrated, there may even be legal requirements to disclose the intrusion.

Analysis on collected samples of malicious code with exfiltration capabilities has uncovered several common techniques for performing data exfiltration. This paper describes the current techniques commonly seen to exfiltrate data from a system. This includes techniques to transmit the data back to the attacker, tactics to obfuscate the data so it is difficult to detect, and how the data is selected to be exfiltrated. Finally, these exfiltration techniques will be compared against common network monitoring practices to determine which defences are effective.

 del.icio.us  digg this! digg this

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

Malware Prevalence
Autorun |#######|
Encrypted/Obfuscated |#####|
Heuristic/generic |#####|
Sality |####|
Zbot |####|
 View this month's full report

Virus Bulletin currently has 224,242 registered users.