61.9k views
2 votes
A security operations team was alerted to abnormal DNS activity coming from a user's machine. The team performed a forensic investigation and discovered a host had been compromised. Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecure public Internet site. Which of the following BEST describes the attack?

A. Phishing
B. Pharming
C. Cache poisoning
D. Data exfiltration

by User Ryan Stull, 4.6k points

1 Answer

3 votes

Answer:

D. Data exfiltration

Step-by-step explanation:

Data theft can be defined as a cyber attack which typically involves unauthorized access to a user's data with the sole intention of using it for fraudulent purposes or illegal operations. There are several methods used by cyber criminals or hackers to obtain user data, and these include DDoS attacks, SQL injection, man-in-the-middle, phishing, sniffing, data exfiltration, etc.

The type of attack in this scenario is best described as data exfiltration.

Data exfiltration can be defined as a form of data security breach that typically involves an unauthorized transfer of data from a host computer by using malware and malicious code.

Hence, data exfiltration occurs when malicious code uses a domain name server (DNS) as a tunnel to extract data from an end user's computer (client machine) and transfers it to an unsecure public Internet site.

by User Yaneth, 4.1k points
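The "abnormal DNS activity" in the question is what a defender can alert on. The sketch below is an added example, not part of the original question or answer: it flags a client that sends many distinct, long, high-entropy subdomains under one parent domain. The log format, thresholds, function names and the two-label base-domain rule are assumptions, and the log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log, "<client_ip> <qtype> <qname>" per line.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.5 A api.example.com
10.0.0.5 A cdn.example.com
10.0.0.9 A d3b07384d113edec49eaa6238ad5ff00.assets.example.net
10.0.0.7 TXT a7k2m9xq4bz1c8ydp3ftw6ve.tunnel-test.invalid
10.0.0.7 TXT r5hn0gj2lu8s4ow7ei1kc9ma.tunnel-test.invalid
10.0.0.7 TXT q3zt6by0xd5fv2pw8gn4jr7h.tunnel-test.invalid
10.0.0.7 TXT l1se9ck6um3ia0oy5tq2bx8z.tunnel-test.invalid
10.0.0.7 TXT d4wf7gp1hv9jn6kr0ls3mt5c.tunnel-test.invalid
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_tunnel_suspects(log, min_unique=4, min_avg_len=20, min_entropy=3.0):
    """Return sorted (client, base_domain) pairs whose queries look like encoded data."""
    subs = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        # Assumption: base domain = last two labels (use the Public Suffix List in production).
        base = ".".join(labels[-2:])
        subs[(client, base)].add("".join(labels[:-2]))
    suspects = []
    for key, names in subs.items():
        avg_len = sum(map(len, names)) / len(names)
        # All three signals must hold: many unique names, long names, random-looking text.
        if (len(names) >= min_unique and avg_len >= min_avg_len
                and entropy("".join(names)) >= min_entropy):
            suspects.append(key)
    return sorted(suspects)

if __name__ == "__main__":
    print(find_tunnel_suspects(SAMPLE_LOG))
```

Requiring all three signals together keeps ordinary browsing (many short names) and a single long hashed CDN hostname from being flagged.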