- ID: DT048
- Created: 02nd June 2024
- Updated: 19th July 2024
- Contributor: The ITM Team
Data Loss Prevention Solution
A Data Loss Prevention (DLP) solution refers to policies, technologies, and controls that prevent the accidental and/or deliberate loss, misuse, or theft of data by members of an organization. Typically, DLP technology would take the form of a software agent installed on organization endpoints (such as laptops and servers).
Typical DLP technology will alert on the potential loss of data, or activity which might indicate the potential for data loss. A DLP technology may also provide automated responses to prevent data loss on a device.
Sections
ID | Name | Description |
---|---|---|
IF010 | Exfiltration via Email | A subject uses electronic mail to exfiltrate data. |
ME007 | Privileged Access | A subject has privileged access to devices, systems or services that hold sensitive information. |
ME009 | FTP Servers | A subject is able to access external FTP servers. |
ME010 | SSH Servers | A subject is able to access external SSH servers. |
IF010.001 | Exfiltration via Corporate Email | A subject exfiltrates information using their corporate-issued mailbox, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system. |
IF010.002 | Exfiltration via Personal Email | A subject exfiltrates information using a mailbox they own or have access to, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system. |
PR015.003 | Email Forwarding Rule | The subject creates an email forwarding rule to transport any incoming emails from one mailbox to another. |
IF002.005 | Exfiltration via Physical Documents | A subject transports physical documents outside of the control of the organization. |
ME005.002 | SD Cards | A subject can mount and write to an SD card, either directly from the system, or through a USB connector. |
ME006.001 | Webmail | A subject can access personal webmail services in a browser. |
ME006.002 | Cloud Storage | A subject can access personal cloud storage in a browser. |
IF002.007 | Exfiltration via Target Disk Mode | When a Mac is booted into Target Disk Mode (by powering the computer on whilst holding the ‘T’ key), it acts as an external storage device, accessible from another computer via Thunderbolt, USB, or FireWire connections. A subject with physical access to the computer, and the ability to control boot options, can copy any data present on the target disk, bypassing the need to authenticate to the target computer. |
IF018.001 | Exfiltration via AI Chatbot Platform History | A subject intentionally submits sensitive information when interacting with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok). They will access the conversation at a later date to retrieve information on a different system. |
IF018.002 | Reckless Sharing on AI Chatbot Platforms | A subject recklessly interacts with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok), leading to the inadvertent sharing of sensitive information. The submission of sensitive information to public AI platforms risks exposure due to potential inadequate data handling or security practices. Although some platforms are designed not to retain specific personal data, the reckless disclosure could expose the information to unauthorized access and potential misuse, violating data privacy regulations and leading to a loss of competitive advantage through the exposure of proprietary information. |