Data Exfiltration

Published Feb 21, 2023. Updated Sep 7, 2023.

Data exfiltration is the theft or unauthorized removal or movement of data from a device. It usually involves an attacker stealing information from personal or corporate devices through a variety of attack methods.

Data Exfiltration in Use

Common data exfiltration attacks include social engineering and phishing campaigns. Malware is often unknowingly downloaded onto a user’s device to steal login credentials. Data exfiltration may also occur when an insider moves data outside the network, for example by emailing it to a non-corporate email address. Although there might not be any malicious intent, the data is now at risk because the security team can no longer monitor it.

Types of Data Exfiltration

Data exfiltration can occur in various ways. Malware and insider threats are two of the more common ones. Cybercriminals will try to insert malware onto a network device, which will then scan other devices on the network for sensitive information. The malware may remain dormant to avoid detection while still exfiltrating data. In an insider threat scenario, trusted employees exfiltrate data for their own gain. This can result in serious harm to the company and may put many users at risk. They can steal data by making Google Drive links public, moving critical files to personal devices, or abusing access privileges.

How to Prevent Data Exfiltration

Data Loss Prevention (DLP) solutions are often used by organizations to prevent data exfiltration. These platforms use specific rules and algorithms to monitor, detect, and block confidential data from leaving an organization. Alongside DLP solutions, many organizations focus on preventing insider threats. Tools and platforms such as Splunk, ManageEngine Endpoint, and SecureTrust rely on a combination of user and data activity monitoring to detect and prevent insider threats.
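As an added illustration of the monitor-detect-block logic described above (example code written for this page, not code from any DLP product named here), the following Python evaluates outbound mail events against a small constructed rule set: a corporate-domain allowlist, a classification-marker pattern, and a card-number pattern confirmed with a Luhn check so that phone numbers and order IDs do not trigger false positives. The domain `example-corp.com`, the rule names, and the sample messages are all assumptions made for the example.

```python
import re

# Assumption: the organization's own mail domains; anything else is "external".
CORPORATE_DOMAINS = {"example-corp.com"}

# Constructed DLP rules. The card pattern is deliberately loose (13-16 digits with
# optional spaces or dashes) and is tightened by the Luhn check below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
CLASSIFICATION_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list[str]:
    """Return a list of rule hits found in the message body (no raw values are echoed)."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append(f"card-number:****{digits[-4:]}")  # only the last four are logged
    for m in CLASSIFICATION_RE.finditer(text):
        findings.append(f"classification:{m.group(1).upper()}")
    return findings


def evaluate_message(sender: str, recipient: str, body: str) -> dict:
    """Decide whether an outbound message should be allowed or blocked and why."""
    rcpt_domain = recipient.rsplit("@", 1)[-1].lower()
    external = rcpt_domain not in CORPORATE_DOMAINS
    findings = find_sensitive(body)
    # Block only when sensitive content is about to leave the organization;
    # internal traffic with the same content is allowed but still recorded.
    action = "block" if external and findings else "allow"
    return {"sender": sender, "recipient": recipient, "external": external,
            "findings": findings, "action": action}


if __name__ == "__main__":
    # Constructed sample event: an insider forwarding customer data to a personal address.
    print(evaluate_message("alice@example-corp.com", "alice.home@gmail.com",
                           "Q3 customer list, CONFIDENTIAL. Card on file: 4111 1111 1111 1111"))
```

The decision record returned by `evaluate_message` is what a DLP platform would forward to the security team's monitoring pipeline, whether the action was block or allow.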
