DATA EXFILTRATION - WHAT IS IT?



Data exfiltration is a data breach that involves the unauthorized copying or transferring of data from one device to another. Cyber criminals can use either automated or manual malware attacks to exfiltrate data from individuals or companies (Magnusson, 2023). Even if the user has proper permissions, any removal of data is considered exfiltration, but the traditional definition classifies data extrusion tactics as intentional data theft performed by people with malicious intent. The problem with data exfiltration is that it puts the organization's reputation at risk. If company data is compromised (intentionally or unintentionally), it can put sensitive company information, employee data, customer data, or confidential documents at risk (Magnusson, 2023).

There are several different ways cyber criminals compromise data:

1. Unsanctioned cloud storage accounts – Because cloud storage makes transferring data as simple as dragging and dropping files into a folder in the cloud, it also makes it a prime tool for data extrusion (Strickland, 2022). This threat can be mitigated by using URL (web) filtering to restrict access to unsanctioned cloud storage providers. These filtering tools are regularly updated with new websites as they emerge, making it easy to block new providers as they appear.

2. Portable storage devices (USB, cell phones, etc.) – USB drives, databases, and cloud applications are the top three vectors being used to exfiltrate data (Strickland, 2022). These devices can store terabytes of data on a tiny, portable device. To help thwart this type of exfiltration, organizations can block USB ports, but that also blocks legitimate USB drives in the process. Software exists that allows the transfer of files only when they match specific file names and extensions (Strickland, 2022).

3. Email and phishing – Email is the top exfiltration risk, and it is easy to understand why. The simple act of an employee mailing company data to a personal email account is easy and seems to carry little risk. The risk comes from an insider threat (an employee intending to do harm), a simple misaddressed email, or unknowingly including customer data (Strickland, 2022). Fortunately, organizations can protect against this threat by configuring network email filtering to detect these types of emails and restrict unauthorized attachments from leaving the organization. They can also implement data security policies, provide security awareness training to employees, and block access to unauthorized email platforms (Strickland, 2022).

4. Unsecured servers – Any misconfigured server operating on a business network where sensitive data is kept exposes the company to data theft and may be compromised by cyber criminals with bad intentions such as identity theft, blackmail, or financial fraud (FBI, n.d.). The good news is that most vulnerabilities behind unsecured servers can be mitigated: never make the server public-facing unless absolutely necessary, use multi-factor authentication (MFA) to protect against brute force attacks, limit access to the server with a firewall that blocks unauthorized traffic, keep the physical server areas secure from unauthorized access, separate database servers from non-database servers on the network, and finally, ensure data encryption is used (Strickland, 2022).

5. Social media forums – The most common websites used for data exfiltration are file sharing sites, instant messaging, social media, forums, and email. Firewalls can be configured to deny access to any unknown website from inside the organization, or to block specific sites and types of sites, which helps mitigate this vulnerability (Strickland, 2022).

6. Malware – Most external threats use a combination of phishing and malware to gain unauthorized access to a targeted system. Fortunately, there are a number of antimalware solutions available to help stop intruders' unauthorized remote access attempts (Strickland, 2022).

7. Printers – Between 2020 and 2021, 68% of businesses in the US and Europe suffered a print-related data breach, which caused losses of more than $400,000 (Strickland, 2022). Made easier by remote work, connecting a printer to a company computer and printing sensitive documents is one of the easier ways to exfiltrate data. Fortunately, there are a number of ways to protect against this as well: encrypt internal printer storage drives, enforce secure printing (requiring a user to enter a unique PIN to retrieve sensitive documents), securely store and dispose of sensitive documents, monitor printer logs for sensitive files, require employees to immediately retrieve printed documents, and use USB blocking to prevent high-risk users from connecting printers to their computers (Strickland, 2022).
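The email filtering described in item 3 can be illustrated with a small outbound-mail log scanner. This is an added example, not code from either cited source; the log format, the domain names (corp.example, partner.example) and the thresholds are constructed assumptions, and the misaddress check is a deliberately simple heuristic.

```python
from dataclasses import dataclass

# Constructed outbound mail-gateway log (sample data, not from a real system).
# Assumed record layout: timestamp|sender|recipient|attachment|size_bytes
SAMPLE_LOG = """\
2023-05-02T09:14:03|alice@corp.example|bob@corp.example|q2-forecast.xlsx|48211
2023-05-02T09:20:45|alice@corp.example|alice.smith@gmail.com|customer-list.csv|922112
2023-05-02T10:02:10|carol@corp.example|vendor@partner.example|contract-draft.docx|31000
2023-05-02T10:05:31|dave@corp.example|dave@corp.exmaple|payroll-2023.xlsx|201334
2023-05-02T11:40:00|erin@corp.example|erin@corp.example||0
"""

INTERNAL_DOMAIN = "corp.example"        # assumed organization domain
PARTNER_DOMAINS = {"partner.example"}   # assumed sanctioned external recipients
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}
SENSITIVE_EXT = (".csv", ".xlsx", ".docx", ".pdf")
LARGE_ATTACHMENT_BYTES = 500_000

@dataclass
class Finding:
    line_no: int
    recipient: str
    reasons: list[str]

def looks_misaddressed(domain: str) -> bool:
    """Cheap heuristic for a typo'd internal domain: same letters, different order."""
    return domain != INTERNAL_DOMAIN and sorted(domain) == sorted(INTERNAL_DOMAIN)

def scan_log(text: str) -> list[Finding]:
    """Return one Finding per log line that trips at least one exfiltration rule."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        _ts, _sender, rcpt, attachment, size = line.split("|")
        domain = rcpt.rsplit("@", 1)[-1].lower()
        external = domain != INTERNAL_DOMAIN and domain not in PARTNER_DOMAINS
        reasons = []
        if domain in PERSONAL_WEBMAIL:
            reasons.append("recipient is a personal webmail account")
        if looks_misaddressed(domain):
            reasons.append("recipient domain looks like a misaddressed internal domain")
        if external and attachment.lower().endswith(SENSITIVE_EXT):
            reasons.append(f"sensitive attachment {attachment} sent outside the organization")
        if int(size) >= LARGE_ATTACHMENT_BYTES:
            reasons.append(f"large attachment ({size} bytes)")
        if reasons:
            findings.append(Finding(n, rcpt, reasons))
    return findings
```

Running scan_log(SAMPLE_LOG) flags line 2 (personal webmail, sensitive file, large attachment) and line 4 (misaddressed domain with a sensitive file), while the sanctioned partner and internal messages pass.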


References

Magnusson, A. (2023, January 5). What is data exfiltration? (and the best way to prevent it). StrongDM. Retrieved May 2, 2023, from https://www.strongdm.com/blog/data-exfiltration

Strickland, D. (2022, December 29). Top 7 data exfiltration risks [data theft prevention tips]. CurrentWare. Retrieved May 2, 2023, from https://www.currentware.com/blog/top-data-exfiltration-risks/
