24 Jan 2011
How Attackers Steal Your Data | threatpost
Pulling valuable data out of corporate networks is the end goal of many, if not most, attacks these days, and the tactics that attackers use to get into their targets are fairly well understood and publicized. But it's not often that you get a look at the way that the data is actually removed from the victims' networks.
Two security consultants from Mandiant presented a fascinating view at Black Hat DC here this week of the methods that attackers are using to exfiltrate the data that they steal from their targets. Many of the methods are what one would expect, but in the case studies that Ryan Kazanciyan and Sean Coyne discussed in their talk, there often was a simple twist that made the operation more effective.
The general scenario that the pair outlined for long-term data-stealing operations was a familiar, logical one. The attacker finds a way into the network, often through a highly targeted spear phishing email containing a PDF or Word document with an exploit in it, and gets a foothold on a client machine. He then uses another exploit to escalate his privileges and move to another machine, looking for a PC with valuable data in the form of documents, spreadsheets, financial information or whatever else is available. That data is then moved to a staging area on the network until the attacker packages it up and sends it out.