Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services.
Web service providers also commonly use SSL/TLS encryption, giving adversaries an added level of protection.
View in MITRE ATT&CK®Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1567.002 | Exfiltration to Cloud Storage | 3 |
T1567.001 | Exfiltration to Code Repository | 3 |