Data theft is the unauthorized, illegal transfer of confidential data, such as health records, financial information, and personally identifiable data.
In the case of the LameHug infostealer linked to APT28, attackers used large language models to generate commands for harvesting sensitive files, credentials, and logs from infected systems. Once collected, this data was sent to attacker-controlled infrastructure for use in espionage, financial exploitation, or further attacks.
Prevent unknown or unapproved applications from running in your environment and control what approved applications can access. This removes the attacker’s ability to execute infostealers or use legitimate programs to extract sensitive data.
Restricting application execution through allowlisting ensures that only software explicitly approved by your organization can run. Applying Ringfencing™ to approved applications limits their ability to interact with files, network shares, or the internet unnecessarily, cutting off common data exfiltration paths.
With ThreatLocker® Application Allowlisting, administrators can block all unapproved software by default, stopping malicious tools before they run. Ringfencing™ enforces granular rules that prevent even trusted applications from accessing data they don’t need. Storage Control adds another layer by restricting the movement of files to removable media or unauthorized cloud storage. These solutions work together to reduce the attack surface, contain potential breaches, and protect sensitive data without adding complexity.
Blocking unknown applications and restricting the behavior of approved ones is a proactive, high-impact way to prevent data theft. By combining allowlisting, Ringfencing™, and Storage Control, organizations can significantly reduce the risk of sensitive information leaving their environment.