Attackers know plenty of simple tricks for getting around the cyber-security defences that companies spend huge amounts of money and time implementing. Once inside a network, one of their main aims is to steal data and exfiltrate it to an external destination. This is considered one of the most damaging types of attack, because it is targeted and deliberate, and the victim organisation has lost sensitive data.
Files can be sent out of a network using nothing more than the ping command, which runs over the ICMP protocol. With a simple, easily obtained program called ‘pingsend’ and a script found on the internet, an attacker can steal data from inside a network over a common protocol.
The file is broken into 16-byte chunks and each chunk is carried as the payload of an ICMP packet. Because ICMP is a native internet protocol, it can pass through firewalls and proxies if they allow it (usually a configuration oversight) and out onto the internet. Without advanced detection controls in place, such as an IDS or IPS, this activity would go unnoticed, let alone prevented.
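One way a defender can spot this on the wire is to compare ICMP echo request payloads against the fixed patterns that stock ping tools send and count the flows that keep sending anything else. The following is an added example written for this article, not code from the article or from any tool it names; it assumes the default 32-byte Windows ping payload and the 64-bit Linux payload (16-byte timestamp followed by bytes 0x10..0x37) as the baseline, and the packet records are constructed.

```python
from collections import defaultdict

# Default payloads of common ping implementations (assumed baseline; capture your own to confirm).
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"   # 32 bytes, repeated a..i
LINUX_PING_TAIL = bytes(range(0x10, 0x38))                  # 0x10..0x37 after a 16-byte timestamp


def looks_like_standard_ping(payload: bytes) -> bool:
    """True if the echo request payload matches a stock Windows or 64-bit Linux ping."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    return len(payload) == 56 and payload[16:] == LINUX_PING_TAIL


def suspicious_reasons(payload: bytes, chunk_size: int = 16) -> list:
    """Reasons an echo request looks like a carrier for file data; an empty list means benign."""
    if looks_like_standard_ping(payload):
        return []
    reasons = ["payload does not match a known ping pattern"]
    if len(payload) == chunk_size:
        reasons.append("payload length equals the %d-byte chunk size described above" % chunk_size)
    return reasons


def find_icmp_exfil_flows(packets, min_packets: int = 5) -> dict:
    """packets: iterable of (src, dst, payload) echo requests, e.g. from a packet capture.
    Returns {(src, dst): count} for flows with at least min_packets non-standard payloads."""
    counts = defaultdict(int)
    for src, dst, payload in packets:
        if suspicious_reasons(payload):
            counts[(src, dst)] += 1
    return {flow: n for flow, n in counts.items() if n >= min_packets}


# Constructed sample: a 96-byte file carried in six 16-byte ICMP payloads, plus ordinary pings.
_FILE = (b"constructed sample file content. " * 3)[:96]
SAMPLE_PACKETS = (
    [("10.0.0.5", "203.0.113.9", _FILE[i:i + 16]) for i in range(0, len(_FILE), 16)]
    + [("10.0.0.6", "10.0.0.1", bytes(16) + LINUX_PING_TAIL)] * 3   # stock Linux pings
    + [("10.0.0.7", "10.0.0.1", WINDOWS_PING_PAYLOAD)]              # stock Windows ping
)

if __name__ == "__main__":
    for (src, dst), n in find_icmp_exfil_flows(SAMPLE_PACKETS).items():
        print("ALERT %s -> %s: %d non-standard ICMP payloads" % (src, dst, n))
```

In a real deployment the baseline patterns and the per-flow threshold should be tuned from the environment's own traffic, since monitoring tools and some operating systems send their own distinct payloads.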
Small security oversights like this can be damaging to an organisation of any size. Cyber-security products are only as good as their ongoing configuration and management.