In simple terms, data exfiltration is the transfer of data from one system to another without authorization or consent. While sometimes an honest mistake by an innocent user, data exfiltration is most often performed by a malicious insider or outsider as a form of cybercrime. In this case, the attacker can either sell the stolen data on the black market, or threaten to do so in order to extort a payment from the victim—sometimes increasing the pressure by using ransomware to forcibly encrypt the victim’s own copy of the data. Given the sensitive nature of the data involved, which can include usernames and passwords, personal financial information, personally identifiable information (PII), cryptographic keys, and intellectual property, data exfiltration can be extremely damaging to the targeted organization.
A data exfiltration attack typically occurs via the internet or a corporate network, often using a trojan or other malware, though physical media and even the theft of a server itself can also be involved. To avoid detection while removing the data, the attacker can use one of several common methods, including encrypting the stolen data before transmitting it outside the corporate network, which leaves the victim unaware of the crime. Best practices to prevent data exfiltration range from simple measures, such as replacing default or weak passwords on remote access applications, to blocking unauthorized communication channels, educating users about the dangers of phishing attacks, and maintaining strict access control protocols.
When stolen data is encrypted before being transmitted outside the corporate network, it can’t be detected by network security tools, leaving the organization unaware that a crime is in progress. Ransomware and malware can be rendered invisible as well. A10 Networks Thunder® SSL Insight (SSLi®) allows organizations to decrypt and inspect network traffic at scale without impacting performance through a highly efficient approach to TLS decryption/SSL decryption. As a result, they can catch attackers in the act and prevent the exfiltration of sensitive data.
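The blind spot described above can be seen from the defender's side in a short added example (not A10's code or method): a content-inspection rule for payment card numbers finds a match in a plaintext payload, finds nothing once the same payload is encrypted, and finds it again when the inspection point can decrypt first. The function names, the sample payload and key are constructed for illustration, and the toy keystream cipher is only a stand-in for real transport encryption such as TLS.

```python
import hashlib
import re
from typing import Optional

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(rb"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def dlp_scan(payload: bytes) -> list:
    """Return the card numbers a content-inspection rule can see in payload."""
    hits = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(rb"\D", b"", m.group()).decode()
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for transport encryption (NOT secure): XOR with a SHA-256 keystream."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def inspect(payload: bytes, session_key: Optional[bytes] = None) -> list:
    """Scan as-is, or decrypt first when the inspection point holds the session key."""
    if session_key is not None:
        payload = toy_stream_cipher(session_key, payload)
    return dlp_scan(payload)

# Constructed sample data; 4111 1111 1111 1111 is a widely used test card number.
PLAINTEXT = b"name=Jane Doe&card=4111 1111 1111 1111&order=10293"
KEY = b"constructed-demo-key"
CIPHERTEXT = toy_stream_cipher(KEY, PLAINTEXT)
```

Calling `inspect(CIPHERTEXT)` returns an empty list, while `inspect(CIPHERTEXT, KEY)` returns the card number, which is why content rules only work where the traffic is visible in decrypted form.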