Data exfiltration techniques: how attackers steal your sensitive data

Rob Murawski CERT Coordination Center

  Panel discussion: Wednesday 11 October 2006, 11:40 - 12:20.

Data exfiltration, or the unauthorized transmission of data from a system, is a large problem affecting many organizations. After a system is compromised by malicious code, the removal of the malware is only one step in mitigating the threat - confidential data may already have been stolen from the infected system. Depending on the data that has been exfiltrated, there may even be legal requirements to disclose the intrusion.

Analysis on collected samples of malicious code with exfiltration capabilities has uncovered several common techniques for performing data exfiltration. This paper describes the current techniques commonly seen to exfiltrate data from a system. This includes techniques to transmit the data back to the attacker, tactics to obfuscate the data so it is difficult to detect, and how the data is selected to be exfiltrated. Finally, these exfiltration techniques will be compared against common network monitoring practices to determine which defences are effective.

Poll

Will taking client-side security 'into the cloud' provide better security for the end user?
Yes
No
I don't know

Leave a comment
View 1 comment
Jobs Career Sidebar

Virus Bulletin

In this month's magazine:
  • Co-operation is the only way
  • XXX racted
  • Your filters are bypassed: Rustock.C in the kernel
  • Family matters
  • The Ottawa rules
  • DriveSentry Desktop 3.1/3.2 & GoAnywhere 1.0.2/2.0
  • The problem of backscatter – part 3
Virus Bulletin 10 2008
Subscribe now!
Virus Bulletin currently has 142,692 registered users.