Data Exfiltration: External Attack Vectors and Countermeasures

With regard to our work on Cyber Security, we have recently successfully completed a collaborative piece of work with researchers from Security Lancaster, University of Lancaster, UK. Our collaborative work focused on identifying and understanding Data Exfiltration: External Vectors and Countermeasures, and has been accepted in the Journal of Network and Computer Applications with the following title and abstract. The paper provides an extensive literature review that is expected to be leveraged for understanding the key external attack vectors, the countermeasures, and the areas for future research.

“Data Exfiltration: A Review of External Attack Vectors and Countermeasures”

“Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, and investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper reports a aimed at identifying and critically analyzing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest).
Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time; (c) a number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption; (d) existing research is primarily focussed on protecting data in ‘in use’ state, therefore, future research needs to be directed towards securing data in ‘in rest’ and ‘in transit’ states; (e) there is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.”
