DETECTION OVERVIEW

Data Exfiltration to an Azure Account Name

Risk Factors

Azure is a popular option for data storage. After an initial network compromise, an attacker can move data to an Azure account name that they have created. Attackers frequently seek valuable data to steal, and data can be easily transferred without advanced tools or techniques. The business impact of this type of exfiltration is high because the attacker can steal sensitive data, which can lead to further attacks on your network.

The system might change the risk score for this detection.

Kill Chain

Actions on Objective

Risk Score

Attack Background

Data can be exfiltrated by employees who have access to critical assets, or by attackers who gain unauthorized access to critical assets through malware or an exploit. Attackers can then hide large data uploads by sending the data to a web service, such as Azure, which is frequently accessed by internal devices and approved by firewall policies.

Mitigation Options

Track suspicious activity by implementing strict audit controls on important documents

Implement strict rules for outbound traffic on devices that contain valuable data

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases