Penetrating the Silence: Data Exfiltration in Maritime and Underwater Scenarios.

The risk of data exfiltration remains a concern, even when the connectivity of the victim system is limited or the domain is physically isolated. This paper delves into the unique challenges associated with data exfiltration in surface and submarine naval scenarios in the absence of persistent data connections. It explores contexts where attacks through the supply chain can pose a serious risk even if the compromised hardware or software is not connected to any network or even (apparently) switched off. The attacks exploiting vulnerabilities in some components of the supply chain can serve as a conduit for data exfiltration. This study aims to enhance the overall security posture of maritime systems by identifying possible exposures and mitigating the risk of data exfiltration and covered channel attacks.