An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization.
The organization suspects a breach occurred when proprietary data was disclosed to the public.
The team finds servers were accessed using shared credentials that have been in place for some time.
In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server.
Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Answer: D
Based on the scenario described, the method a malicious insider most likely used to exfiltrate the proprietary data is a backdoor.
A backdoor is a means of bypassing the normal access controls of a system or network. Here the undocumented firewall rules are that backdoor: they opened a path from outside the organization to a server that change control never approved, and the long-standing shared credentials meant anyone who knew them could use that path without the access being tied to a named person. Because nobody had documented or reviewed the rules, traffic through them was not being watched for, which is why the breach went unnoticed until the data appeared in public.
Shared credentials compound the problem. When several people use the same account, the authentication logs show which account was used but not which person used it, so access cannot be attributed and abnormal use is hard to separate from legitimate use. An insider can act under a credential that colleagues also use legitimately, and the fact that the credentials had been in place for some time means they could have been known to former staff or contractors as well.
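The two findings above are things an investigator can check mechanically. The script below is an added example, not part of the original question or its explanation: it diffs a server's live firewall rules against a documented baseline and flags the undocumented rules that admit traffic from outside the internal address space, then reads sshd-style authentication lines and reports accounts that were used from several source addresses, noting any that came from outside. The baseline, rule set, internal ranges (assumed to be RFC 1918) and log lines are all constructed for illustration.

```python
"""Triage helpers for the two findings in the scenario (added example,
not exam material). Finding 1: host firewall rules absent from the
documented baseline that open a port to external addresses. Finding 2:
accounts whose logins arrive from several source addresses, the usual
signature of a shared credential that cannot be tied to one person.
Every rule, network and log line below is constructed sample data."""
import ipaddress
import re
from collections import defaultdict

# Assumption: the organisation's internal address space is RFC 1918.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Documented baseline from change control (constructed): (proto, dport, source).
BASELINE_RULES = {("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "10.0.0.0/8")}

# Rules actually present on the server, normalised to "proto dport source"
# the way an investigator might flatten the live ruleset (constructed).
LIVE_RULES = [
    "tcp 443 0.0.0.0/0",
    "tcp 22 10.0.0.0/8",
    "tcp 2222 203.0.113.0/24",   # undocumented and reachable from outside
    "tcp 3306 10.20.0.0/16",     # undocumented but internal only
]


def parse_rule(line):
    proto, port, src = line.split()
    return proto, int(port), src


def source_is_external(cidr):
    """True unless the whole source range sits inside an internal network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(internal) for internal in INTERNAL_NETS)


def undocumented_external_rules(live_rules, baseline=BASELINE_RULES):
    """Rules missing from the baseline that admit traffic from external addresses."""
    found = []
    for line in live_rules:
        rule = parse_rule(line)
        if rule not in baseline and source_is_external(rule[2]):
            found.append(rule)
    return found


# sshd-style auth lines (constructed). A shared credential shows up as one
# account arriving from unrelated addresses, here including an external one.
AUTH_LOG = """\
Mar 03 08:12:01 srv01 sshd[2101]: Accepted password for svc_deploy from 10.1.4.22 port 50110 ssh2
Mar 03 08:40:17 srv01 sshd[2188]: Accepted password for svc_deploy from 10.1.9.8 port 50412 ssh2
Mar 03 23:55:43 srv01 sshd[3470]: Accepted password for svc_deploy from 203.0.113.77 port 41002 ssh2
Mar 04 09:02:10 srv01 sshd[3602]: Accepted password for alice from 10.1.4.22 port 50990 ssh2
Mar 04 09:03:55 srv01 sshd[3611]: Failed password for root from 203.0.113.77 port 41100 ssh2
"""
ACCEPT_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port")


def logins_by_account(log_text):
    """Map each account to the set of source addresses that logged in with it."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            sources[m["user"]].add(m["ip"])
    return dict(sources)


def suspect_shared_accounts(log_text):
    """Accounts used from more than one address, with external sources listed."""
    report = {}
    for user, ips in logins_by_account(log_text).items():
        if len(ips) > 1:
            external = sorted(ip for ip in ips if source_is_external(ip))
            report[user] = {"sources": sorted(ips), "external": external}
    return report


if __name__ == "__main__":
    for rule in undocumented_external_rules(LIVE_RULES):
        print("undocumented external rule:", rule)
    for user, info in suspect_shared_accounts(AUTH_LOG).items():
        print(f"{user}: used from {info['sources']}; external {info['external']}")
```

On the sample data the only undocumented rule that matters is the one admitting 203.0.113.0/24 to port 2222; the MySQL rule is also undocumented but only reachable internally, so it is a change-control problem rather than an exfiltration path. The account `svc_deploy` is seen from three addresses, one of them in the same external range the undocumented rule admits, which is exactly the combination the scenario describes: a shared credential used over an unapproved inbound path. The membership test deliberately uses explicit RFC 1918 ranges rather than `ipaddress`'s `is_private`, because that property also treats documentation ranges such as 203.0.113.0/24 as non-global and would hide the external hit.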
Of the other options, keyloggers, botnets, crypto-malware and ransomware are all forms of malware, and DLP (data loss prevention) is a defensive control rather than a threat. None of them fits the evidence as well as a backdoor.
A keylogger records a user's keystrokes, typically to harvest login credentials or other sensitive input. Nothing in the scenario suggests credential theft was needed: the insider already knew the shared credentials, and the access path was the undocumented firewall rules, so there was no reason to plant a keylogger.
A botnet is a network of compromised machines under remote control. A botnet can be used to move stolen data, but the scenario gives no indication that multiple systems were compromised or placed under remote control; the evidence points at a single server reached through a single unauthorized path.
Crypto-malware and ransomware encrypt files and demand payment for the decryption key. Their purpose is extortion or disruption, and the scenario mentions neither encrypted files nor a ransom demand, only the quiet disclosure of proprietary data, so they do not match.
DLP is a control that classifies sensitive data and blocks or alerts on attempts to move it out of the organization. It is not an exfiltration method at all, so it cannot be the answer; if anything, the fact that proprietary data reached the public suggests that DLP was absent, misconfigured, or bypassed by the backdoor path.
In summary, undocumented firewall rules granting external access to a server, combined with shared credentials that hide who used them, point to a backdoor as the most likely channel the malicious insider used to exfiltrate the proprietary data.