Data exfiltration techniques: how attackers steal your sensitive data

Rob Murawski CERT Coordination Center

Data exfiltration, or the unauthorized transmission of data from a system, is a large problem affecting many organizations. After a system is compromised by malicious code, the removal of the malware is only one step in mitigating the threat - confidential data may already have been stolen from the infected system. Depending on the data that has been exfiltrated, there may even be legal requirements to disclose the intrusion.

Analysis on collected samples of malicious code with exfiltration capabilities has uncovered several common techniques for performing data exfiltration. This paper describes the current techniques commonly seen to exfiltrate data from a system. This includes techniques to transmit the data back to the attacker, tactics to obfuscate the data so it is difficult to detect, and how the data is selected to be exfiltrated. Finally, these exfiltration techniques will be compared against common network monitoring practices to determine which defences are effective.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.