Impact

The main thing to consider here is that domain level filtering is no longer enough for egress (and in some cases ingress), the content and the intent of those requests going to those domains haven't being measured and for a long time it never really needed to be, but with databouncing, a request to Microsoft or your favorite defense provider no longer carries the assurance of good intentions (for example).

This has an impact on defense as a vertical, visibility becomes unclear, confidence needs to be re-obtained and threat models adjusted, so with regards to impact, it's a shared problem, but the consequences of databouncing are unique to all that succumb to it's use.

Obvious abuse is that from malicious actors, but there is also a covert nature to this that would be useful for moving data from a oppressive government or difficult situation, there will be growth in the tooling and guides where the offensive space will demonstrate capabilities with databouncing, we're usually a little behind adversaries, we intend to write up impact assessments per industry where possible but for now, bring your own concern.