September 2, 2015 By Douglas Bonderud 2 min read

What’s the goal of any malicious actor? While stated purposes may differ — monetary gain, activism or national defense — ultimate aims remain the same: Find a way to access and then control critical data. To combat this threat, companies build higher walls and deeper moats, but as noted by CSO Online, this focus on keeping attackers at arms’ length falls apart when they inevitably breach corporate defenses.

Instead of worrying about illegal entry, businesses need better ways to handle data exfiltration. Access means nothing if data can’t be moved.

Easy Way In for Data Exfiltration

Attackers don’t have any trouble breaking into corporate networks. According to a new McAfee Labs and Intel Security report, cybercrime has in fact become an industry unto itself, with suppliers, markets, service providers and even trading systems. What’s more, companies often lag behind when it comes to applying security updates and ensuring that users follow password security protocols. Also of interest is the increasing criminal focus on mobile and IoT-connected devices, which are prime targets for compromise not as end goals, but a way to access higher-value data assets.

In addition to mobile device compromise, malicious actors are also leveraging physical devices such as USB keys and social engineering techniques to discover the lay of the land before they launch an attack. Ultimately, however, all of this is prep work: The real aim is data exfiltration.

Quick Way Out?

So how do cybercriminals get data out of corporate systems once they’ve breached perimeter defenses? One option is compressing critical assets to allow easy mobility or slicing the data up into multiple pieces for quick transport. Another option is making critical information look like something else — something companies won’t flag as worrisome when it leaves the system. The CSO Online piece pointed to Twitter as one legitimate way to exfiltrate data: Attackers embed stolen data into images uploaded by employees, then follow the Twitter-post trail to retrieve the stolen information.

It’s also possible to use graphics processors to move stolen data since graphics processing units (GPUs) are isolated from the other components of a corporate network and aren’t monitored in the same way. This does require more effort on the part of attackers since GPUs are relatively limited in scope, but it speaks to the level of ingenuity displayed by dedicated cybercriminals.

Holding Down the Fort

To keep company data from drifting off unannounced, companies need to change the way they view network security. First is a shift in data priorities: While traditional hacking groups typically seek out financial information or payroll data, hacktivist and nation-state actors are often looking for incriminating or embarrassing information. They may target executive emails or other communications to get what they want. This leads to the second necessary shift: discovering avenues of data removal.

The goal here? Instead of making it harder for cybercriminals to get in, companies need to make leaving the difficult task. Think of it like a door that only swings one way — attackers can get in but they have trouble getting out, giving IT admins time to discover oddities in data movement and clamp down on exfiltration.

Attackers have mastered the art of getting in. Rather than fight the losing battle of open doors, enterprises are better served looking for ways to keep data at home and malicious actors trapped on the wrong side of the wall.

More from

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today