New Training: Explain Exfiltration Techniques
In this 6-video skill, CBT Nuggets trainer Knox Hutchinson explains the methods an attacker may use to steal and remove data from your business. Watch this new Cisco training.
Watch the full course: Implementing and Operating Cisco Security Core Technologies
This training includes:
23 minutes of training
You’ll learn these topics in this skill:
Introducing Attacker Exfiltration Techniques
DNS Tunneling Exfiltration
Outbound File Transfers
Recapping Exfiltration Techniques
Why Hackers Prefer Exfiltrating Data Through HTTP
After a hacker breaches a business IT system, they need a way to exfiltrate stolen data. There are many ways an attacker could do this, but they often prefer transporting that data through HTTP.
Using the HTTP protocol makes sense. Most businesses allow HTTP traffic through their firewalls. By utilizing an HTTP connection, hackers can exfiltrate data by blending in with the rest of the network traffic.
One might think that it would be easy to spot an attacker moving large amounts of data out of a network. For example, it's hard to imagine why Sony didn't spot gigabytes of stolen data leaving its network during its famous breach a few years back. Hackers are smarter than that, though.
Instead of transporting large amounts of data at one time, they exfiltrate small bits of data in compressed chunks to different endpoints on the global internet. This makes it much harder to detect traffic anomalies.
If attackers use an HTTPS connection, that exacerbates the problem. The nature of a secured connection makes it more difficult for admins to analyze network traffic.
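One way a defender can look for the small-chunk, many-endpoint pattern described above, shown as an added example that is not part of the CBT Nuggets course material: sum each client's upload bytes per hour across all destinations instead of judging each transfer alone. The log format, hostnames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample web-proxy log (not real traffic):
# timestamp, client IP, method, destination host, request body bytes
SAMPLE_LOG = """\
2024-05-01T09:00:05 10.0.0.21 POST cdn-a.example 48000
2024-05-01T09:07:40 10.0.0.21 POST files-b.example 51000
2024-05-01T09:15:12 10.0.0.21 POST img-c.example 50000
2024-05-01T09:31:55 10.0.0.21 POST api-d.example 52000
2024-05-01T09:48:03 10.0.0.21 POST sync-e.example 49000
2024-05-01T09:10:00 10.0.0.34 POST backup.example 300000
2024-05-01T09:12:00 10.0.0.40 GET news-a.example 400
2024-05-01T09:13:00 10.0.0.40 GET news-b.example 350
2024-05-01T09:20:00 10.0.0.55 POST forms-a.example 2000
2024-05-01T09:21:00 10.0.0.55 POST forms-b.example 2000
"""

# Assumed thresholds for illustration; tune against your own baseline.
PER_FLOW_ALERT = 1_000_000  # a single-transfer alarm of the kind chunking evades
AGG_BYTES = 200_000         # total upload bytes per client per hour
MIN_DESTS = 4               # distinct destinations per client per hour

def parse(log):
    for line in log.splitlines():
        ts, src, method, dest, size = line.split()
        yield datetime.fromisoformat(ts), src, method, dest, int(size)

def per_flow_alerts(log):
    """Requests that a size-per-transfer rule alone would flag."""
    return [r for r in parse(log) if r[4] >= PER_FLOW_ALERT]

def find_chunked_uploaders(log):
    """Flag (client, hour) pairs whose uploads are individually small but
    large in sum and spread over many destinations."""
    buckets = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for ts, src, method, dest, size in parse(log):
        if method not in ("POST", "PUT") or size >= PER_FLOW_ALERT:
            continue  # downloads are ignored; big uploads already alert
        hour = ts.replace(minute=0, second=0, microsecond=0).isoformat()
        b = buckets[(src, hour)]
        b["bytes"] += size
        b["dests"].add(dest)
    return sorted(
        (src, hour, b["bytes"], len(b["dests"]))
        for (src, hour), b in buckets.items()
        if b["bytes"] >= AGG_BYTES and len(b["dests"]) >= MIN_DESTS
    )

if __name__ == "__main__":
    print(per_flow_alerts(SAMPLE_LOG))
    print(find_chunked_uploaders(SAMPLE_LOG))
```

The check uses only request sizes and destinations, so it can also run on records where HTTPS hides the payload.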