Research field: Safety
Conference: ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
As of today, exposure and remediation technologies are mainly validated by taking the attacker’s perspective. This paradigm is often referred to as Know Your Enemy. It enables a realistic assessment of the actual attack surface of your IT infrastructure. Furthermore, the operational environment is becoming increasingly dynamic and complex. Hence, a flexible and adaptable reaction to the tactics, techniques, and procedures of cyber attackers must be implemented. In this work, we present a concept and a prototypical proof of concept, which take both aspects into account. More precisely, we present a simulation-based approach in the scope of data exfiltration, which improves anticipation of the attacker’s perspective and thus puts effective and adapted strategies into place. As sample use cases of data exfiltration techniques, we shed light on recent techniques like abuse of scheduled tasks, which presumably will become of increasing importance in the future. Our prototype makes use of common open-source software. During our evaluation, we simulate relevant sections of our sample attack vectors using test data and derive options for detection and protection against the respective simulated attack. Finally, we expound on the integration of our proposed technical and organisational measures into an existing Information Security Management System (ISMS) as part of a process for continuous improvement.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Germany |
| Site | ACM |
| Likes | 0 |