Data Exfiltration and Covert Channels
نویسندگان
چکیده
Within an organization, the possibility of a confidential information leak ranks among the highest fears of any executive. Detecting information leaks is a challenging problem, since most organizations depend on a broad and diverse communications network. It is not always straightforward to conclude which information is leaving the organization legitimately, and which communications are malicious data exfiltrations. Sometimes it is not even possible to tell that a communication is occurring at all. The set of all possible exfiltration methods contains, at a minimum, the set of all possible information communication methods, and possibly more. This article cannot possibly cover all such methods; however, several notable examples are given, and a taxonomy of data exfiltration is developed. Such a taxonomy cannot ever be exhaustive, but at the very least can offer a framework for organizing methods and developing defenses.
منابع مشابه
Browser-Based Covert Data Exfiltration
Current best practices heavily control user permissions on network systems. This effectively mitigates many insider threats regarding the collection and exfiltration of data. Many methods of covert communication involve crafting custom packets, typically requiring both the necessary software and elevated privileges on the system. By exploiting the functionality of a browser, covert channels for...
متن کاملExfiltration of Data from Air-gapped Networks via Unmodulated LED Status Indicators
The light-emitting diode(LED) is widely used as an indicator on the information device. Early in 2002, Loughry et al studied the exfiltration of LED indicators[16] and found the kind of LEDs unmodulated to indicate some state of the device can hardly be utilized to establish covert channels. In our paper, a novel approach is proposed to modulate this kind of LEDs. We use binary frequency shift ...
متن کاملDetection of Malicious and Low Throughput Data Exfiltration Over the DNS Protocol
In the presence of security countermeasures, a malware designed for data exfiltration must do so using a covert channel to achieve its goal. Among existing covert channels stands the domain name system (DNS) protocol. Although the detection of covert channels over the DNS has been thoroughly studied in the last decade, previous research dealt with a specific subclass of covert channels, namely ...
متن کاملGlavlit: Preventing Exfiltration at Wire Speed
Protecting sensitive data is no longer a problem restricted to governments whose national security is at stake. With ubiquitous Internet connectivity, it is challenging to secure a network – not only to prevent attack, but also to ensure that sensitive data are not released. In this paper, we consider the problem of ensuring that only pre-authorized data leave a network boundary using either ov...
متن کاملCreating and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels
The Internet Protocol Version 6 (IPv6) transition opens a wide scope for potential attack vectors. Tunnel-based IPv6 transition mechanisms could allow the set-up of egress communication channels over an IPv4-only or dual-stack network while evading detection by a network intrusion detection system (NIDS). Increased usage of IPv6 in attacks results in long-term persistence, sensitive information...
متن کامل