Attackers Step Up How They Steal Data

Friday, September 4, 2015 @ 04:09 PM gHale

Attackers are getting into systems, there is no doubt, but they are also elevating the methods used to steal information, a new report said.

One of the ways attackers evade detection is to disguise the data before sending it out, according to the report from Intel Security.

“They are compressing the data so that it’s smaller in size, or making it look like something else,” said Intel Security CTO Steve Grobman. “Or they cut it up into little pieces and send the pieces to different places, so that the attacker can then pick up all the chunks and reassemble them.”

In one example, if a company’s employees post pictures to Twitter, attackers can embed data into an image so that it still looks normal, and attach the image to an otherwise harmless-sounding Twitter post.

“The attacker can then follow the Twitter feed,” said Grobman. “It looks legitimate but it is actually smuggling data out.”

Gmail can also end up being used to smuggle data out, especially when there is encrypted traffic, Grobman said.

Another way attackers are hiding their behavior is to leverage processors not normally monitored for suspicious activity — like graphics processors.

“The GPU might be used to run a domain generation algorithm to identify domains for exfiltration,” said Grobman. “Because the GPU is a separate processor, you would not be able to see some of the math or algorithms running on it.”

GPUs, however, have limits on what they can actually do, he added. “Although you do get isolation by running on the GPU, you still need to interact with the rest of the system to do something useful,” he said.

To deal with the latest advances in exfiltration technology, companies need to look at their data in a new way, Grobman said.

Companies need to identify all the data sources potentially interesting to attackers.