Exfiltration Case Study

00:00

hello and welcome to another application of the minor attack framework discussion today. We're looking at our case study on ex filtration, focusing on sneaky bits of data. So what are some potential ex filtration methods? Well, this is just, ah, high level. Look

00:18

at some things to consider here when we look at data exfiltration.

00:22

And so in some cases, data can be encoded into something like based 64. Prior to sending that out, protectors may have a custom manipulation where they encode data in an attempt to avoid detection or raise a flag on that information. If it is seen

00:40

now, they can also use things like ssh tunnels to connect out to a command and control server so they can then send that information over an encrypted channel with the hopes again of not being detected. Now, the other thing to consider,

00:56

if you use things like Dropbox one Dr Google Drive, drive this drive that drive me home, anything that you used to store data

01:06

that maybe has a free trial gives you, you know, 10 15 gigs free. If those repose can be accessed from your network, then a threat actor in theory could use those drives or those areas to load the data up and then collect it from another location.

01:26

So controlling these types of applications is going to be critical when it comes to protecting your data sets and ensuring they're not uploaded to public reposed that could then put the information at risk. So some things to consider.

01:42

What controls are you using today to help block on one of data? Exfiltration. What does that look like? Are you blocking things like Google Drive one Dr. Are you blocking FTP connections out

01:53

right? Are you doing anything of that nature? Would you know if a threat actor or employee was removing data from your network?

02:00

So it's not always about threat actors. There could be some risk from within disgruntled employees, someone who didn't get the raise they were expecting someone who's put a lot of hard work into a project and feels that they didn't get enough recognition for that. So now they're going to move it off site to keep it tucked away for something else.

02:20

If you don't know those things, I mean, how are you going to control your information or protect your intellectual property

02:27

and What could you change today to reduce the risk of ex filtration? Maybe review some firewall rules, block outbound ssh connections, block out down FTP connections, bought

02:37

connections to data repose like one drive Google docks? Who will drive

02:42

Dropbox anything of that nature if it's not managed by the business and it's not within the control of the business or if it's not necessary for day to day operations, it maybe could be considered, you know, not necessary. And it could be blocked or, you know, prevented on the network.