business, as it can be extremely hard to spot. Indeed, in many cases, hackers have been able to transfer materials undetected for months, allowing them to build up a huge repository of sensitive data.
How does data exfiltration occur?
There are a few ways in which data exfiltration works, but they essentially come down to two key attack vectors – outsider attacks and insider threats.
Outsider attacks often rely on techniques such as injecting malware or phishing to steal credentials and gain access to confidential and encrypted data. Once inside, the attackers can copy data and transfer it out at will. In some cases, hackers have been found to exfiltrate data for months or even years before being discovered.
Insider threats, meanwhile, originate from a company’s own employees. This may be inadvertent, such as users being careless with their data handling, or intentional. In the intentional case, a malicious insider may deliberately copy and remove data, which they can then sell on to criminals or deliver to a competitor, for example. In some cases, ransomware gangs actively recruit insiders to help them breach corporate networks and execute successful attacks.
Why does data exfiltration occur?
For cybercriminals, exfiltrated data is a highly valuable resource. For instance, sensitive information such as personal customer data or corporate financial details can be used directly to commit fraud or sold on to other criminals.
However, confidential information such as trade secrets or other proprietary material may also be of use as part of corporate or even state-level espionage. In fact, a new service known as Industrial Spy, which promotes itself as a marketplace where businesses can purchase their competitors’ data, has recently been set up by threat actors.
Another growing problem is the risk of cyber extortion, where hackers threaten to publicly release private data online. This is often part of a ransomware attack and can also be highly lucrative, as many firms may feel paying up will be cheaper in the long run than dealing with the repercussions of public data exposure. In 2020, research by RUSI found there were 1,200 so-called double extortion ransomware incidents, with over 60% of these aimed at the US and the UK.