Data exfiltration is the unauthorized transfer of sensitive data from an organization to a location controlled by an attacker.
What Is Data Exfiltration?
Exfiltration is often the final stage of an intrusion, but preparation usually starts much earlier through credential theft, privilege escalation, internal discovery, and staging. Attackers may use web traffic, cloud storage, email, file transfer services, or covert channels to move data out of the environment.
Common Exfiltration Methods
- Direct File Transfer: Copying data to attacker-controlled infrastructure
- Cloud Service Abuse: Uploading data to unsanctioned storage platforms
- Application Layer Tunneling: Hiding transfer inside normal protocols
- Staged Compression and Encryption: Packaging data before movement
Why It Matters
Even when disruption is limited, exfiltration can cause major regulatory, legal, and reputational damage. Detection depends on understanding both attacker behavior and the normal movement patterns of sensitive data.
How FourCore ATTACK Relates
FourCore ATTACK helps teams validate whether controls identify the behaviors that lead up to exfiltration and whether detection and response workflows trigger before high-value data is removed.