Threat actors may schedule data exfiltration to be performed only at certain times of day or at certain intervals. This could be done to blend traffic patterns with normal activity or availability.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.