Re: Data Exfiltration within five hours of access ...

Caute_cautim · ‎09-28-2022

Hi All

An interesting reports on data exfiltration, stating that on average this will occur within five hours of a success access to an organisations crown jewels: https://www-computerweekly-com.cdn.ampproject.org/c/s/www.computerweekly.com/news/252525373/Most-hac...

So if you are not prepared, be prepared to for this to occur. Phishing and Social Engineering appears to be best avenues.

Regards

Caute_Cautim

JKWiniger · ‎09-29-2022

What has always surprised me is that companies don't seem to be using DLP solutions with rate limiters. Or better yet, is there a DLP or other solution that required approval to exfiltrate data above a set amount? It seems like it would be very hard to request that access if I person knows they will need it and it wouldn't seem like it would be a regular occurrence. And yes, you things like streaming services that do more large amounts of data but there again you could have things locked down so data could only be sent out certain addresses and ports by certain processes. Who am I kidding if we can't get places to do simple updates and backups how would this ever happen!

John-

Beads · ‎09-29-2022

I've had this discussion many times with many clients, their designers aka "architects", engineers and business executives all with similar excuses. That is until I am conducting a post mortem from the last time this happened and now they need help.

- B/Eads

Data Exfiltration within five hours of access by hackers