Amongst these techniques, researchers have found that it is possible to exfiltrate a large amount of information through a number of popular websites such as Facebook, Flickr,
He added: "Modern organisations have networks that are complex and large. However, they often have few security controls in place, meaning that attackers encounter few barriers to stop them and are able to sidestep or compromise the few controls they do encounter. Once inside the network, attackers will move between computers, hunting the information they seek and then exfiltrating that data back to themselves."
MWR works with companies that are under constant threat or have been compromised, and has both skilled (white hat) attackers and defenders with experience in understanding the methods and strategies of advanced attackers. The company identified a number of methods currently being used to steal sensitive data.
MWR researcher and lead author of the whitepapers Dr
"Others use emails, employing simple techniques like setting up an email forwarding rule for the target so any email they receive is copied to the attacker. Others are increasingly using cloud storage such as
He added: "If organisations block access to websites to prevent attackers, they can use popular websites that are likely to be permitted as vectors to exfiltrate data. In an experiment we carried out it was possible to exfiltrate 1TB of data via Flickr in 200mb chunks. It was also possible to exfiltrate 20Gb via
"Increasing use of mobile devices, remote working and VPNs (Virtual Private Networks) will present new opportunities for attackers, who are using more covert methods to exfiltrate the data, such as hiding it as other data types."
MWR extrapolated business and technology trends as well as techniques attackers are just beginning to use, and identified new methods that may be used to steal data in the future.
Dr Chismon said: "Attackers, who are often state sponsored, are already being seen using forensics tools and methods to both find information they otherwise wouldn't and to better hide the data they are stealing. This is likely to become more common."
"Cloud storage and email services are likely to be the predominant method in the future. Connections are encrypted and the services will be used normally by employees, making it hard for investigators to find the malicious connections and it obscures the final destination of the data."
He added: "As more organisations use cloud services for business functions and remote work, attackers can compromise passwords for these services and get the data directly from there rather than needing to obtain it from the organisation's network."
Modern networks are becoming increasingly complex, meaning that there will always be routes that an attacker can take to access sensitive data. In the whitepapers, MWR details what organisations can do to better protect themselves.
Dr Chismon commented: "Sadly, there is no magic bullet that can prevent attackers from obtaining data. To stand the best chance of detecting and deterring advanced attackers, organisations need to force them through controlled routes. They then need to increase the number of actions attackers would have to take to access the data and finally, develop and hone their ability to detect suspicious actions or movements to effectively investigate alleged breaches."
MWR Infosecurity, supported by CPNI, has published a high-level animation and two whitepapers: one paper for senior executives giving a high-level overview of the work, and the other a detailed guide for implementers.