Adversaries may attempt to exfiltrate data via a physical medium, such as a removable drive or ODB-II. In certain circumstances, such as an offline network compromise, exfiltration could occur via a physical medium or device introduced by a user. Such media could be an external hard drive, USB drive, cellular phone or other removable storage and processing device. The physical medium or device could be used as the final exfiltration point or to hop between otherwise disconnected systems.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.