A security analyst detects unusual outbound network traffic from a database server to an unknown IP address. The traffic uses encrypted connections on port 443. Which type of attack is MOST likely occurring?
Trap 1: SQL injection
SQL injection is typically used to extract data through a web application, not over encrypted outbound traffic.
Trap 2: Ransomware
Ransomware usually encrypts files locally and demands a ransom; it does not necessarily exfiltrate data.
Trap 3: Denial of service
DoS attacks generate high traffic to overwhelm resources, not stealthy encrypted outbound traffic.
- A
Data exfiltration
Encrypted outbound traffic to an unknown IP is a classic sign of data exfiltration.
- B
SQL injection
Why wrong: SQL injection is typically used to extract data through a web application, not over encrypted outbound traffic.
- C
Ransomware
Why wrong: Ransomware usually encrypts files locally and demands a ransom; it does not necessarily exfiltrate data.
- D
Denial of service
Why wrong: DoS attacks generate high traffic to overwhelm resources, not stealthy encrypted outbound traffic.