What is data exfiltration?
D2 · Threats · CompTIA Security+ SY0-701

Data exfiltration (also called data extrusion or data theft) is the unauthorized transfer of data from a compromised system to an external location under attacker control.
Exfiltration methods: HTTPS (blends with traffic), DNS tunneling, email, USB/removable media, cloud storage uploads, covert channels in protocols.
Detection indicators: unusual outbound traffic volume, data transfers at odd hours, DNS query spikes, large uploads to unknown IPs.
Exfiltration is the final stage before an attacker achieves their goal. DLP (Data Loss Prevention) is specifically designed to detect and block exfiltration. Network egress monitoring, CASB (Cloud Access Security Broker) for cloud services, and DNS monitoring are key defenses. Double extortion ransomware exfiltrates data before encrypting it.