Data exfiltration techniques: how attackers steal your sensitive data

Rob Murawski CERT Coordination Center

Data exfiltration, or the unauthorized transmission of data from a system, is a large problem affecting many organizations. After a system is compromised by malicious code, the removal of the malware is only one step in mitigating the threat - confidential data may already have been stolen from the infected system. Depending on the data that has been exfiltrated, there may even be legal requirements to disclose the intrusion.

Analysis on collected samples of malicious code with exfiltration capabilities has uncovered several common techniques for performing data exfiltration. This paper describes the current techniques commonly seen to exfiltrate data from a system. This includes techniques to transmit the data back to the attacker, tactics to obfuscate the data so it is difficult to detect, and how the data is selected to be exfiltrated. Finally, these exfiltration techniques will be compared against common network monitoring practices to determine which defences are effective.

Poll

How should software and OS patching/security updates be managed?
Manually, at the user's discretion
Automatically via an optional, user-defined schedule
Automatically via a fixed, but optional schedule
Automatically via a fixed schedule, on by default with opt-out system
Automatically and silently, with no option to run unpatched

Leave a comment
View 19 comments
Jobs Career Sidebar

VB100 certification

VB100 This month's comparative review tackles the 64-bit version of Windows Server 2003 - with the platform bringing out quite a number of quirks and oddities in several of the products under test.
See full results.
Virus Bulletin currently has 165,683 registered users.