Data Exfiltration

Data exfiltration is the unauthorized transfer of data from your organization to an external destination controlled by an attacker. This is often the attacker's ultimate objective: after gaining access and moving through your network, they identify valuable data (like Controlled Unclassified Information, or CUI) and transfer it out through various channels, including encrypted connections, cloud storage, email, DNS tunneling, or even physical media.

Detecting data exfiltration requires monitoring outbound network traffic for anomalies, implementing data loss prevention (DLP) solutions, and watching for unusual data access patterns. Advanced attackers use slow, encrypted exfiltration to avoid triggering volume-based alerts.
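
The gap between a volume-based alert and a slow transfer can be shown with two detection rules run over the same outbound flow summaries. This is an added example, not part of the original page; the hosts, destinations, thresholds, and flow records are constructed for illustration.

```python
from collections import defaultdict

MB = 1024 * 1024

def build_sample_flows():
    """Constructed hourly flow summaries: (hour, src, dst, bytes_out)."""
    flows = []
    for hour in range(72):
        if hour % 6 == 0:  # ordinary workstation, occasional small uploads
            flows.append((hour, "10.0.0.11", "saas.example", 20 * MB))
        # Slow transfer: 40 MB every hour for three days to one destination.
        flows.append((hour, "10.0.0.23", "files.example", 40 * MB))
    # One large burst from another host.
    flows.append((30, "10.0.0.37", "drop.example", 5000 * MB))
    return flows

def hourly_alerts(flows, per_hour_limit):
    """Volume rule: any (src, dst) pair exceeding the limit within one hour."""
    totals = defaultdict(int)
    for hour, src, dst, nbytes in flows:
        totals[(src, dst, hour)] += nbytes
    return {(s, d) for (s, d, _), total in totals.items() if total > per_hour_limit}

def cumulative_alerts(flows, window_hours, window_limit, min_active_hours):
    """Pairs that exceed window_limit over a sliding window while being
    active in at least min_active_hours of it (sustained, low-rate transfer)."""
    per_pair = defaultdict(lambda: defaultdict(int))
    for hour, src, dst, nbytes in flows:
        per_pair[(src, dst)][hour] += nbytes
    flagged = set()
    for pair, by_hour in per_pair.items():
        for start in range(min(by_hour), max(by_hour) + 1):
            active = [h for h in range(start, start + window_hours) if h in by_hour]
            total = sum(by_hour[h] for h in active)
            if total > window_limit and len(active) >= min_active_hours:
                flagged.add(pair)
                break
    return flagged

if __name__ == "__main__":
    flows = build_sample_flows()
    print("hourly rule:    ", hourly_alerts(flows, 500 * MB))
    print("cumulative rule:", cumulative_alerts(flows, 48, 1024 * MB, 24))
```

The hourly rule flags only the burst, while the 48-hour cumulative rule flags only the sustained 40 MB/hour transfer, so the two are complementary rather than interchangeable.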

Why It Matters

Preventing CUI exfiltration is the ultimate objective of CMMC. All the access controls, encryption, monitoring, and security measures required by CMMC work together to prevent adversaries from stealing the sensitive defense information your company handles.