Data exfiltration, data loss or data leakage is essentially the theft or removal of information or data from an electronic device, typically a computer, mobile phone or other Internet-connected device. This typically includes valuable personal or corporate information that can be sold or used to extort individuals and businesses for monetary gain. It is big business for cybercriminals and a nightmare for the organizations that find themselves victim.

Exfiltration is very difficult to detect because it happens silently in the background, with the victim not even realizing it has occurred, leaving organizations and individuals highly vulnerable. With cyberattacks growing in both volume and sophistication, it is inevitable that malware will find its way onto a device. Such malware often remains latent to avoid detection and only activates when the machine has been idle for a certain period of time. People are often surprised by how much data their mobile device consumes overnight when they haven’t even been using it. Often this is data being exfiltrated from the device.

In this blog we’ll answer some of the most common questions around data exfiltration and explain how BlackFog can prevent your organization from becoming the next victim.

What is data exfiltration?

Data exfiltration is the unauthorized copying, transfer or retrieval of data from a computer or server. It occurs when malware and/or a malicious actor carries out an unauthorized data transfer from a computer. Data exfiltration is also considered to be a form of data theft.

How does data exfiltration occur?

Data exfiltration can be divided into two categories: outsiders trying to infiltrate the network to steal valuable corporate data, and people on the inside willing to share it. Whilst often malicious in nature, data exfiltration can also be the result of insider carelessness, such as sending confidential documents to personal email accounts and/or cloud servers.

In an outsider threat scenario, a cybercriminal will insert malware onto a network-based device, such as a computer or mobile phone. The malware will crawl other network devices in search of valuable information and attempt to exfiltrate it. Once a device is compromised, the malware orchestrating the attack may lie dormant until the point of data exfiltration or, to avoid detection, covertly collect information over time and gradually exfiltrate the data.

Is data exfiltration easy to detect?

Data exfiltration can be very difficult to detect. As data routinely moves in and out of an organization, data exfiltration can closely resemble normal network traffic, meaning that data loss incidents often go unnoticed by IT staff until the damage has been done.

What are some common techniques that cybercriminals are using to steal data?

Data exfiltration can be achieved using various techniques, but it’s most commonly performed by cybercriminals over the internet or a network. These attacks are typically targeted, with the primary intent being to gain access to a network or machine to locate and copy specific data.

Common techniques involve anonymizing connections to third-party servers to protect the identity of the attacker. This can include using the Dark Web, direct IP addresses, tunnelling over HTTP or HTTPS, and fileless attacks, where attackers rely on remote code execution.

Where is the majority of exfiltrated data going?

According to BlackFog’s Q2 internal research, around 19% of all traffic is being exfiltrated to Russia and 2.65% is going to China. Data exfiltration to the Dark Web represented 5.67% of all traffic.

Is there increased risk of data exfiltration from a smartphone?

Yes, particularly with Android devices where malware can often be preinstalled. Earlier this year Google researchers identified preinstalled malware on more than 7.4 million Android devices. The malware had the ability to take over the device and download apps in the background.

Are Antivirus and Malware solutions enough to prevent data exfiltration?

Companies rely on a combination of technology, training, policies and trust to cope with data exfiltration. Intrusion detection systems such as firewalls and anti-virus solutions that remove known infections are not enough to prevent attackers from infiltrating the company network. It is inevitable that attackers will find a way in; the key is to prevent the activation of the malware and the removal of information using modern cyber security techniques. Organizations need to deploy a solution that prevents the exfiltration of data from every device on the network.

How can data exfiltration be prevented?

The inherent mobility of today’s workforce makes it difficult for companies to keep track of what’s happening on every device in the network. With a significant proportion of network transactions taking place in the background, without consent, it is important that organizations and individuals are closely monitoring this activity. Preventing the transmission of sensitive data to unidentified servers in regions where high levels of cyberattacks originate is paramount to protecting all network infrastructure. Modern attacks are predicated on the ability to communicate with third-party servers to steal data. It is crucial that any cybersecurity solution is able to monitor, detect and prevent the unauthorized transmission of such data in real time.
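As an added illustration (not BlackFog’s code), the following Python script applies two of the outbound-traffic signals this post describes, connections to direct IP addresses rather than hostnames and large uploads while the device should be idle, to a constructed set of connection records. The log format, thresholds, process names and allow-list are assumptions for the example.

```python
import ipaddress
from datetime import datetime

# Constructed sample of outbound-connection records (not real logs):
# timestamp, process, destination host or bare IP, port, bytes sent.
SAMPLE_LOG = """\
2023-06-01T09:15:02 outlook.exe mail.example.com 443 18432
2023-06-01T02:41:10 svchost.exe 203.0.113.45 443 52428800
2023-06-01T03:05:44 updater.exe 198.51.100.7 80 1048576
2023-06-01T14:20:31 chrome.exe cdn.example.net 443 734003
2023-06-01T01:12:09 backup.exe backup.example.com 443 104857600
"""

# Hypothetical policy values; tune them per environment.
IDLE_HOURS = range(0, 6)                 # 00:00-05:59, device expected idle
IDLE_BYTES_THRESHOLD = 10 * 1024 * 1024  # 10 MiB sent in one idle-hours connection
KNOWN_GOOD_PROCESSES = {"backup.exe"}    # allow-listed background senders

def parse_line(line):
    ts, proc, dest, port, sent = line.split()
    return {"ts": datetime.fromisoformat(ts), "proc": proc, "dest": dest,
            "port": int(port), "bytes": int(sent)}

def is_bare_ip(dest):
    # A destination given as a literal IPv4/IPv6 address bypasses DNS,
    # one of the anonymizing tricks the post lists.
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False

def assess(rec):
    reasons = []
    if is_bare_ip(rec["dest"]):
        reasons.append("direct-ip destination")
    if (rec["ts"].hour in IDLE_HOURS and rec["bytes"] >= IDLE_BYTES_THRESHOLD
            and rec["proc"] not in KNOWN_GOOD_PROCESSES):
        reasons.append("large upload during idle hours")
    return reasons

def flag_suspicious(log_text):
    # Returns {"process->destination": [reasons]} for records worth blocking or reviewing.
    results = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        reasons = assess(rec)
        if reasons:
            results[f"{rec['proc']}->{rec['dest']}"] = reasons
    return results
```

In a real deployment the same checks would run on each connection as it is opened, so the transfer can be blocked rather than reported after the fact.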

How does BlackFog prevent data exfiltration?

Many cybersecurity firms can tell you when a breach or attack has taken place. BlackFog stops it from happening in the first place by focusing on preventing data loss, data profiling and data collection. BlackFog protects against today’s threats by filling the gap between security solutions that focus on preventing access, such as firewalls and intrusion detection systems, and AV/malware solutions that remove known infections after they have been discovered.

Through a layered approach, BlackFog spots, in real time, when an attacker is trying to remove data from a device or network without authorization and shuts the attempt down before it succeeds.

Why is BlackFog Different?

BlackFog is the only solution that provides on-device protection from data exfiltration; no data is ever sent to the cloud. BlackFog is also the only solution able to block outbound dataflow, ensuring what is on your device stays on your device. BlackFog also detects and blocks the transfer of data to the Dark Web in real time, making it difficult for cybercriminals to extract data from your device. BlackFog’s 12 layers of defense protect you from ransomware, spyware, malware, phishing, unauthorized data collection and profiling.

To stay ahead of cybercriminals and protect your organization from data exfiltration, a multi-layered defense system preventing data loss, unauthorized data profiling and data collection is crucial. Only by monitoring the flow of outbound traffic and stopping attacks in real time can you ensure no unauthorized data will fall into the wrong hands.