Data Exfiltration, Part 5: What Tactics Are Thieves Using?

By on Feb 17, 2016

This blog was written by David Bull, McAfee’s former Director, Enterprise Solution Marketing.

As you found out from our previous blog, a great deal of data goes out the door through both physical and electronic means. In this blog, we’ll address some of the more sophisticated electronic data exfiltration techniques used by cyberthieves. Many of these bad actors are really smart, innovative people with a lot of time on their hands and are part of a community of like-minded bad guys who share their super-sophisticated tools and services on the dark web. It sounds forbidding, I know. I don’t mean to scare you, but I am hoping that this blog will help you come to the realization that basic perimeter and endpoint security may not be enough to block data exfiltration attempts.

Masters of Disguise
Increasingly, malicious thieves are becoming adept at cloaking data in various ways to prevent security defenses from detecting it as it makes its exit. Manipulating the data before it is transferred is highly advantageous. By using this tactic, bad actors avoid detection or increase the time to detection and can transfer the data to their own servers more quickly.
Our infographic, “Is data leaking out on your watch,” which is based on a survey of 522 security pros who have actually experienced a data breach, shows, that in 32% of cases, thieves used encryption to disguise data. This is followed by compression at 22% and then by chunking and obfuscation at 15% each. Let’s take a look at how these methods work:

  • Encryption: Is there any security professional that doesn’t think encryption is a major data protection checkbox item? So do cyberthieves. They’re using a variety of methods to encrypt the data they harvest, changing it to binary characters, so that it’s unreadable, and then they often hide it in various file formats, like video.
  • Compression: As you know, compression reduces the size of files without removing information. Thieves use it mainly to speed up transfer.
  • Chunking: Breaking data down into smaller pieces makes it blend in with normal network traffic and is harder to detect.
  • Obfuscation: This is a really common and simple data manipulation technique, which uses an encoding or obfuscation algorithm to convert characters to hex code so that the data can avoid detection.

Data Dumpsters
Countless movies show criminals avoiding law enforcement by hiding in dumpsters or temporarily parking their stash in the trash. It’s not that different in the realm of data exfiltration. The end goal of data thieves is to get the data out of your network and into a server outside your network. So, once it’s camouflaged and funneled through data transfer protocols like HTTP/HTTPS, FTP, DNS, and SMTP/email, to name a few, it may end up in various places. It can get dumped on compromised systems within your company, on systems hosted in the cloud through providers such as Amazon Web Services or Microsoft Azure, or on cloud file-sharing services like Dropbox or Now that you know more about the techniques used by bad actors, it’s time to find out about cyberthieves’ favorite data hunting grounds. While you await our next blog, use your copious spare time to peruse these resources:

McAfee and McAfee logos are trademarks of McAfee, Inc. in the US and/or other countries. Other marks and brands may be claimed as the property of others. Copyright © 2016 McAfee, Inc.

About the Author


We're here to make life online safe and enjoyable for everyone.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs