Data exfiltration refers to any malicious attack that steals data from the victim. It’s also known as “data theft,” though the term “data exfiltration” is more specific to the data on networks or larger-scale IT systems (as opposed to the data on a private hard drive or smartphone).
There are two primary types of data exfiltration:
- Internal exfiltration, which occurs when an employee, contractor, or other credentialed individual copies or transfers data to an unauthorized system. This can include insecure devices (personal USB drives and other devices that are not subject to the organization’s security policies).
- External exfiltration, in which data is exfiltrated with malicious software (such as ransomware), social engineering techniques (such as phishing), or other tactics.
Many ransomware groups have exfiltrated data from victims to sell on the dark web as a secondary means of profiting from a ransomware attack. The attackers may use the threat of exfiltration as an extortion tactic, though data may be sold regardless of whether the victim pays.
Datarecovery.com can help your organization identify breaches by using proprietary methods to search for data on the internet and the dark web. Contact our forensic experts at 1-800-237-4200 or click here to request more information.
Common Data Exfiltration Techniques
The best practices of cybersecurity change constantly — and so do the techniques used by cybercriminals to capture (and sell) mission-critical data. In recent years, several techniques have proven especially profitable for bad actors:
- Social Engineering – Any tactic intended to deceive or manipulate a human victim can be described as social engineering. The most common example is direct phishing, in which an attacker claims to be someone else (this type of attack allegedly compromised MGM Grand’s systems in 2023).
- Ransomware – Ransomware may be designed to seek out critical data within a target and transfer it to the attacker’s systems prior to the presentation of a ransom note. In some cases, ransomware is dormant for months prior to activation; during the dormancy period, the software may be actively transferring some data.
- Access Through Third-Party Software – Hacked software is a common attack vector for data exfiltration. Last year, numerous organizations were exposed via a vulnerability in MOVEit, a file transfer tool.
- Physical Infiltration – Hackers have been known to leave infected USB drives and other physical media near victims’ offices, hoping that a curious individual will plug the device into the target system (deploying malicious software in the process). While rare, these types of attacks can be remarkably effective for bypassing common security controls.
After stealing the target data, bad actors will often sell or share it on the dark web. This can be profitable, and it helps sustain the ransomware economy: Other attackers may use the data for future extortion attempts, particularly if the exfiltrated data contains pertinent info about the company’s security practices.
Related: Data Leak Response: 4 Tactics for Reducing Risks
Protecting Your Organization from Data Exfiltration
In 2023, ransomware incidents reported to the FBI rose by 18%, and the actual increase in attacks was likely much more significant. While most organizations understand the threat of ransomware and targeted social engineering attacks, many victims are unaware of data exfiltration until months after exposure.
Datarecovery.com provides a range of services to help enterprises plan for — and recover from — malicious attacks.
With decades of combined experience in ransomware and ongoing investments in research & development, we offer comprehensive solutions to recover from ransomware infection and protect against future events. From penetration (PEN) testing to dark web monitoring, we’re prepared to help you form a secure, compliant strategy.
To learn more, call 1-800-237-4200 and ask to speak with a ransomware specialist or submit a case online.