Data exfiltration is one of the hardest attacks to detect because it hides behind normal day-to-day processes.
Plus, most such attacks won’t disrupt your systems as bluntly as a DoS attack will. That doesn’t mean they’re undetectable, though. There are several telltale signs that an exfiltration attempt is under way. Let’s look at some of the most common ones.
1️⃣ Unusual network traffic, especially during off-hours. Keep an eye out for data being sent from your internal network to external or unknown IP addresses, and compare it against a baseline of what each host normally sends out; a workstation that suddenly uploads gigabytes at 2 a.m. stands out only if you know its usual volume.
2️⃣ Large data transfers, especially when they’re made via FTP, HTTP, or email attachments to unrecognized destinations.
3️⃣ Unusual activity on endpoint devices, such as high CPU usage, high memory consumption, or unexpected network connections. Staging data for exfiltration often means compressing or encrypting large archives, which shows up as exactly this kind of load.
4️⃣ Multiple failed login attempts. Brute-force attacks are less common than they used to be, but credential guessing is still one of the first things an attacker will try in order to reach your data, so a burst of failures followed by a success deserves a close look.
5️⃣ Unauthorized access, or instances when a user accesses data they wouldn’t normally touch. When the data is sensitive or involves databases or systems beyond the scope of their job, treat the account as compromised until you have verified otherwise; an insider is the other possibility, and both need investigating.
6️⃣ Abnormal application behavior, such as unexpected errors that don’t have an immediately verifiable cause. An application may also use more or different resources than usual or perform unexpected actions. Data exfiltration is not the only cause of such issues, but they should be investigated immediately, because they may indicate that the application has been tampered with or is being abused as a channel to move data out.
7️⃣ A high volume of DNS requests can be a sign of data exfiltration through DNS tunneling. This method encodes data in the subdomain labels of queries sent to a domain the attacker controls (and the answers can carry data back), so the traffic looks like ordinary name resolution and passes through firewalls that allow DNS out. Volume alone is a weak signal; look at the shape of the queries as well: unusually long or high-entropy subdomains, a large number of unique subdomains under a single domain, and heavy use of record types such as TXT. Address it as soon as you notice it.
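To make signs 1, 2 and 7 concrete, here is a small Python example I added for this post (it is not code from the original article or from any particular product) that runs two of the heuristics above over constructed sample records: one flags outbound flows to unknown destinations that are large or happen off-hours, the other scores DNS queries for the long, high-entropy, many-unique-subdomain pattern that tunneling leaves behind. The flow and DNS records, the allow-list, the business-hours window and every threshold are assumptions; tune them against your own baseline before relying on them.

```python
"""Added example: two detection heuristics for data exfiltration signs.
All records and thresholds below are constructed/assumed sample values."""
import math
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port, bytes_out)
FLOWS = [
    ("2024-03-04T10:15:00", "10.0.1.20", "10.0.2.5", 443, 120_000),          # internal
    ("2024-03-04T02:10:00", "10.0.1.20", "203.0.113.7", 443, 850_000_000),   # off-hours, unknown
    ("2024-03-04T14:00:00", "10.0.1.31", "198.51.100.9", 21, 2_400_000_000), # FTP bulk upload
    ("2024-03-04T11:30:00", "10.0.1.31", "192.0.2.10", 443, 5_000_000),      # approved SaaS
]
INTERNAL = [ip_network("10.0.0.0/8")]      # assumed internal range
KNOWN_EXTERNAL = {"192.0.2.10"}            # assumed allow-list of approved destinations
BUSINESS_HOURS = range(8, 19)              # assumed 08:00-18:59 local
LARGE_TRANSFER_BYTES = 500_000_000         # assumed threshold, tune to your baseline

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)

def flag_egress(flows):
    """Return outbound flows to non-allow-listed destinations that are either
    above the size threshold or outside business hours, with the reasons."""
    alerts = []
    for ts, src, dst, port, nbytes in flows:
        if not is_internal(src) or is_internal(dst) or dst in KNOWN_EXTERNAL:
            continue  # not internal-to-external, or an approved destination
        reasons = []
        if nbytes >= LARGE_TRANSFER_BYTES:
            reasons.append("large-transfer")
        if datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
            reasons.append("off-hours")
        if reasons:
            alerts.append((src, dst, port, nbytes, reasons))
    return alerts

# Constructed DNS query log: (src_ip, qname, qtype). The exfil.example labels
# are base64-looking chunks, the shape a tunneling tool produces.
DNS_QUERIES = [
    ("10.0.1.20", "www.example.com", "A"),
    ("10.0.1.20", "mail.example.com", "A"),
    ("10.0.1.31", "c29tZSBzZWNyZXQgZGF0YQ.t1.exfil.example", "TXT"),
    ("10.0.1.31", "ZmlsZSBjb250ZW50cyBoZXJl.t2.exfil.example", "TXT"),
    ("10.0.1.31", "bW9yZSBzdHVmZiBoZXJlIDEyMw.t3.exfil.example", "TXT"),
    ("10.0.1.31", "YW5kIGV2ZW4gbW9yZSBkYXRh.t4.exfil.example", "TXT"),
]

def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score far above words."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(qname):
    # Assumption: the last two labels are the registrable domain (no PSL lookup).
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])

def dns_tunnel_suspects(queries, min_unique=4, min_avg_len=20, min_entropy=3.5):
    """Group queries by (client, domain) and flag domains receiving many unique,
    long, high-entropy subdomains. Volume alone is not used as the trigger."""
    per_domain = defaultdict(set)
    for src, qname, _qtype in queries:
        dom = registered_domain(qname)
        sub = qname[: -len(dom) - 1] if len(qname) > len(dom) else ""
        if sub:
            per_domain[(src, dom)].add(sub)
    suspects = []
    for (src, dom), subs in per_domain.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects.append((src, dom, len(subs), round(avg_len, 1), round(avg_ent, 2)))
    return suspects

if __name__ == "__main__":
    for a in flag_egress(FLOWS):
        print("egress alert:", a)
    for s in dns_tunnel_suspects(DNS_QUERIES):
        print("dns tunnel suspect:", s)
```

Run against the sample data, the egress check flags the off-hours upload to 203.0.113.7 and the FTP bulk transfer to 198.51.100.9 while ignoring the internal flow and the approved destination, and the DNS check flags only exfil.example, not example.com. In production you would feed both functions from your flow collector and resolver logs and replace the hard-coded allow-list and hours with per-host baselines.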
In the last post of the series, we’ll talk about what to do if you are the victim of data exfiltration, and how to stop the attack and minimize the damage as quickly as possible.