February 12, 2014, 2:53 PM — In part five of a series on understanding the processes and tools behind an APT-based incident, CSO examines the exfiltration phase. At this point, all of the other phases are complete, and if the campaign hasn't been halted before now, it's likely that data will be removed from the network.
Exfiltration is the endgame for an attacker. If the attack – and it doesn't matter if the attack is passive or targeted – has made it to this point, your day is about to head up a famous creek and you're missing a paddle.
This article is part of a series about APT campaigns. The topics covered in this series are:
Weaponization and Delivery
Exploitation and Installation
Command and Control, and