Data exfiltration
Data exfiltration is the unauthorized transfer of data from a protected environment to an external destination. It can involve any sensitive data: personal data, financial information, intellectual property, or strategic data. It is a common objective in data breach campaigns and can result from external attacks or insider threats.
Actors and motives: Threat actors range from cybercriminals seeking financial gain to state-sponsored groups and insider
Methods (high-level): Exfiltration can occur via network channels such as outbound data transfers over legitimate protocols
Detection and defense: Indicators include unusual egress traffic, large transfers to unfamiliar destinations, odd DNS queries,
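Two of the indicators named above, large transfers to unfamiliar destinations and odd DNS queries, can be checked mechanically against flow and DNS logs. The following Python is an added example, not part of the original entry; the record layouts, thresholds, addresses and host names are constructed assumptions to be tuned per environment.

```python
import math
from collections import Counter

# Constructed sample data (documentation address ranges, not real traffic).
# Assumed baseline: destinations each internal host has talked to historically.
BASELINE_DESTS = {"10.0.0.5": {"203.0.113.10", "198.51.100.7"}}
FLOWS = [  # (source host, destination, bytes sent outbound)
    ("10.0.0.5", "203.0.113.10", 40_000),
    ("10.0.0.5", "198.51.100.7", 2_500_000),
    ("10.0.0.5", "192.0.2.99", 750_000_000),
    ("10.0.0.8", "192.0.2.50", 12_000),
]
DNS_QUERIES = [  # (source host, queried name)
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mzxw6ytboi4dsnrtgq3tmnjxha2dkobz.t.example.net"),
    ("10.0.0.8", "mail.example.org"),
]

def shannon_entropy(s):
    """Bits per character; encoded or random-looking labels score high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def large_unfamiliar_transfers(flows, baseline, min_bytes=100_000_000):
    """Flows at or above min_bytes to a destination the host has no history with."""
    return [(src, dst, n) for src, dst, n in flows
            if n >= min_bytes and dst not in baseline.get(src, set())]

def odd_dns_queries(queries, max_label=24, min_entropy=3.5):
    """Names whose longest label is both unusually long and high-entropy."""
    hits = []
    for src, name in queries:
        longest = max(name.rstrip(".").split("."), key=len)
        if len(longest) > max_label and shannon_entropy(longest) >= min_entropy:
            hits.append((src, name))
    return hits

def score_hosts(flows, queries, baseline):
    """Count how many indicator hits each source host has, for triage ordering."""
    score = Counter()
    for src, _, _ in large_unfamiliar_transfers(flows, baseline):
        score[src] += 1
    for src, _ in odd_dns_queries(queries):
        score[src] += 1
    return dict(score)

if __name__ == "__main__":
    for host, hits in score_hosts(FLOWS, DNS_QUERIES, BASELINE_DESTS).items():
        print(f"{host}: {hits} indicator(s)")
```

A host that trips both checks is a stronger lead than either alone; a large transfer to a known destination or a small one to a new destination is deliberately not flagged here.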
Legal and regulatory context: Data exfiltration constitutes unauthorized access and transfer and is illegal in many