How they're getting the data out of your network

Thursday 25 September 09:00-09:30, Red room.

Eric Koeppen IBM

  download slides (PDF)

When malware infects a system, often it is only the first step in a chain of events. Once on a system, malware can move laterally through a network, infecting other systems, and searching for important data. If malware finds data that it has been programmed to search for, or an attacker is using the malware to poke around opportunistically, it can then send copies of that data out to external servers, also known as exfiltration. In this talk, I will evaluate the current trends in malware data exfiltration, discuss methods for identifying data breaches, and explore methods for mitigation of data exfiltration.

We have seen exfiltration used in many attacks where confidential customer information has been leaked to malicious actors. Such infections can have disastrous effects on the company's brand, customer loyalty and competitive advantage. Not only can a company lose money by the direct loss of revenue, the leaking of customer information can harm consumer confidence in the company in the long term, it can lead to costly litigation, and the leaking of trade secrets can compromise the company's position in the marketplace through a loss of trade secrets. In 2006, Operation ShadyRAT targeted 72 different companies over a period of five years, exfiltrating massive amounts of information. In 2008, Heartland Payment Services was compromised via SQL injection to install spyware that exfiltrated information on 134 million credit card accounts. In the Target case, 40 million credit and debit card accounts were stolen, along with PII data on another 70 million customers. Target said its data breach has cost $240 million so far, with further litigation threatening to push that number higher.

Click here for more details about the conference.

Eric Koeppen

Eric Koeppen

Eric Koeppen was born in Italy in 1977. After graduating from college in August 2001, he took a job with the Department of Defense in an information assurance role. In early 2006, he left government service to go to work for Lockheed Martin, working on embedded security software engineering for the F35 Joint Strike Fighter. In late 2007, he broke into the fields of reverse engineering and vulnerability research with a series of government contracting opportunities. With the government shutdown of 2013, he realized that government contracting was no longer stable. He has since joined IBM's X-Force Advanced Research Team and is excited to become more active in the InfoSec community.