T1567 Exfiltration Over Web Service
Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services.
Web service providers also commonly use SSL/TLS encryption, giving adversaries an added level of protection.
|Data Loss Prevention
|Data loss prevention can be detect and block sensitive data being uploaded to web services via web browsers.
|Restrict Web-Based Content
|Web proxies can be used to enforce an external network communication policy that prevents use of unauthorized external services.