Often, data exfiltration is achieved by hackers when systems rely on vendor-set, common, or easy-to-crack passwords. In fact, statistically, these systems are the ones that most often suffer from data exfiltration. Hackers gain access to target machines through remote applications or by installing a removable media device, in cases where they have physical access to the target machine.
Advanced Persistent Threats (APTs) are one form of cyber attack in which data exfiltration is often a primary goal. APTs consistently and aggressively target specific companies or organizations with the goal of accessing or stealing restricted data. The goal of an APT is to gain access to a network, but remain undetected as it stealthily seeks out the most valuable or target data, such as trade secrets, intellectual property, financial information, or sensitive customer data.
APTs may rely on social engineering techniques or phishing emails with contextually relevant content to persuade a company’s users to inadvertently open messages containing malicious scripts, which can then later be used to install additional malware on the company’s network. Following this exploit is a data discovery stage, during which hackers rely on data collection and monitoring tools to identify the target information. Once the desired data and assets are discovered, data exfiltration techniques are used to transfer the data.
When cyber criminals successfully carry out data exfiltration, they may use the newly obtained data to damage your company’s reputation, for financial gain, or sabotage.