Penetration Tester's Guide: Catching Data Exfiltration in DLP Systems

How to Identify and Prevent Steganography-Based Data Breaches


Question

An in-house penetration tester has been asked to evade a new DLP system.

The tester plans to exfiltrate data through steganography.

Discovery of which of the following would help catch the tester in the act?

Answers

A. Abnormally high numbers of outgoing instant messages that contain obfuscated text
B. Large-capacity USB drives on the tester's desk with encrypted zip files
C. Outgoing emails containing unusually large image files
D. Unusual SFTP connections to a consumer IP address

Explanations

The correct answer is C. Outgoing emails containing unusually large image files.

Steganography hides data inside other data, such as an image, video, or audio file, without perceptibly changing the carrier. In this scenario the in-house penetration tester plans to exfiltrate data through steganography in order to evade a new DLP system.

A DLP system is designed to prevent the unauthorized exfiltration of sensitive data. It inspects outbound content (email, web uploads, removable media) against predefined rules such as keywords, regular expressions for identifiers, and document fingerprints. Steganography bypasses that content inspection because the sensitive data never appears in a form the rules match: the DLP system sees only what looks like an ordinary image or media file.

Option A, abnormally high numbers of outgoing instant messages that contain obfuscated text, would indicate encoding or obfuscation of text in a chat channel. That is a different exfiltration technique; it is not evidence of data hidden inside a carrier file.

Option B, large-capacity USB drives on the tester's desk with encrypted zip files, points to physical removal of encrypted archives. That is worth investigating, but it is not steganography and would not pass through a network DLP system at all.

Option D, unusual SFTP connections to a consumer IP address, suggests direct transfer over an encrypted channel to an external host, again a different technique from the steganographic one the tester chose.

Option C, outgoing emails containing unusually large image files, is the correct answer because a steganographic carrier has to be an innocuous file such as an image, and it has to leave the organization through a channel the DLP system watches. Images that are noticeably larger than images of that type and resolution normally are, or larger than the same images were when they came in, are the observable side effect of a payload embedded in them. In practice this is a coarse signal: appending data after the image, or embedding a payload that is large relative to the carrier, inflates the file, but least-significant-bit replacement in an uncompressed bitmap does not change its size at all. A DLP deployment should therefore pair size anomalies (measured against a baseline of normal attachments, since large photos are also common and benign) with steganalysis of the image content or comparison against known-clean originals. With that caveat, option C is still the only choice that describes a steganographic carrier in transit, so it is the best choice to catch the tester in the act.
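The technique and the checks above, as an added, runnable illustration that is not code from the original page: a pure-Python script that builds a constructed 24-bit BMP cover image, hides a constructed payload two ways (appended after the pixel data, and least-significant-bit replacement), and then runs the checks a DLP inspection hook could apply to an outgoing image. The function names (`make_cover`, `analyze_outgoing_image`), the `agreement_floor` threshold and the sample payload are all assumptions made for the example, not part of any product.

```python
import struct

# Added example: cover image, payload and thresholds are constructed for illustration.
SECRET = b"constructed sample payload: quarterly revenue by region, do not distribute"
HEADER_SIZE = 54  # 14-byte BMP file header + 40-byte BITMAPINFOHEADER


def make_bmp(width, height, pixel_fn):
    """Build a minimal 24-bit uncompressed BMP; pixel_fn(x, y) -> (r, g, b)."""
    row_bytes = (width * 3 + 3) & ~3          # rows are padded to 4-byte boundaries
    pixels = bytearray()
    for y in range(height):
        for x in range(width):
            r, g, b = pixel_fn(x, y)
            pixels += bytes((b, g, r))        # BMP stores channels as BGR
        pixels += b"\x00" * (row_bytes - width * 3)
    file_header = b"BM" + struct.pack("<IHHI", HEADER_SIZE + len(pixels), 0, 0, HEADER_SIZE)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                             len(pixels), 2835, 2835, 0, 0)
    return bytes(file_header + dib_header + pixels)


def make_cover():
    """A 16x16 grey ramp (constructed cover): all three channels share one value."""
    return make_bmp(16, 16, lambda x, y: ((x * 16 + y) % 256,) * 3)


# --- two ways the tester could hide SECRET in the image -----------------------

def append_payload(bmp, payload):
    """Crudest method: bytes after the pixel data are ignored by image viewers."""
    return bmp + payload


def lsb_embed(bmp, payload):
    """Replace the least significant bit of each pixel byte with payload bits."""
    data = bytearray(bmp)
    body = struct.pack("<I", len(payload)) + payload   # length prefix + data
    if len(body) * 8 > len(data) - HEADER_SIZE:
        raise ValueError("payload too large for this carrier")
    bits = ((byte >> (7 - i)) & 1 for byte in body for i in range(8))
    for i, bit in enumerate(bits):
        data[HEADER_SIZE + i] = (data[HEADER_SIZE + i] & 0xFE) | bit
    return bytes(data)


def lsb_extract(bmp):
    """Recover a payload written by lsb_embed (what the tester's receiver does)."""
    def read(start, count):
        out = bytearray()
        for k in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (bmp[start + k * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = struct.unpack("<I", read(HEADER_SIZE, 4))[0]
    return read(HEADER_SIZE + 32, length)


# --- what a DLP inspection hook could check on an outgoing image --------------

def expected_bmp_size(bmp):
    """Size the file should have according to its own header fields."""
    offset = struct.unpack_from("<I", bmp, 10)[0]
    width, height = struct.unpack_from("<ii", bmp, 18)
    bpp = struct.unpack_from("<H", bmp, 28)[0]
    row_bytes = (abs(width) * bpp // 8 + 3) & ~3
    return offset + row_bytes * abs(height)


def trailing_bytes(bmp):
    """Bytes beyond the declared image: the 'unusually large image' signal."""
    return len(bmp) - expected_bmp_size(bmp)


def lsb_channel_agreement(bmp):
    """Fraction of pixels whose B, G and R least significant bits all agree.
    Toy steganalysis statistic: LSB embedding scrambles structure the cover's
    LSB plane had (here, identical channels in a grey image)."""
    offset = struct.unpack_from("<I", bmp, 10)[0]
    width, height = struct.unpack_from("<ii", bmp, 18)
    row_bytes = (width * 3 + 3) & ~3
    agree = total = 0
    for y in range(abs(height)):
        row = bmp[offset + y * row_bytes: offset + y * row_bytes + width * 3]
        for i in range(0, width * 3, 3):
            b, g, r = row[i] & 1, row[i + 1] & 1, row[i + 2] & 1
            agree += b == g == r
            total += 1
    return agree / total


def analyze_outgoing_image(bmp, agreement_floor=0.9):
    """Findings a DLP hook would log; agreement_floor is an assumed tuning value."""
    findings = {"trailing_bytes": trailing_bytes(bmp),
                "lsb_agreement": round(lsb_channel_agreement(bmp), 3)}
    findings["suspicious"] = (findings["trailing_bytes"] > 0
                              or findings["lsb_agreement"] < agreement_floor)
    return findings


if __name__ == "__main__":
    cover = make_cover()
    for label, image in (("clean", cover),
                         ("appended", append_payload(cover, SECRET)),
                         ("lsb", lsb_embed(cover, SECRET))):
        print(label, len(image), "bytes", analyze_outgoing_image(image))
```

Running it prints three lines: the clean image passes, the appended variant is larger than its header says and is flagged on trailing bytes alone, and the LSB variant has exactly the cover's size and is flagged only by the LSB statistic. That last line is the caveat to answer C in code: the "unusually large image" heuristic catches the crude embedding methods, and a DLP system that relies on it alone will miss an embedding that does not add bytes.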