MITRE ATT&CK / T1567
T1567
Exfiltration Over Web Service
Exfiltration
Description
Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services.Web service providers also commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Platforms
ESXiLinuxmacOSOffice SuiteSaaSWindows
Mitigations
- M1021 — Restrict Web-Based Content
- M1057 — Data Loss Prevention
Look up any technique
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →