Open source intelligence is a powerful tool for security professionals. Unfortunately, cyber criminals use it too. With free and easily accessible information, criminals can quickly identify and attack vulnerable and misconfigured systems. The home office model has increased these risks, as many employees now work outside the security perimeter of the office.
Understanding how threat actors operate and use open source intelligence enables those involved in security to strengthen their cyber defenses.
What do the attackers get out of it?
Assuming that only script kiddies use the open source information found on the internet is incorrect. Likewise, it is wrong to think that sophisticated attackers such as nation-state actors, who have virtually unlimited resources, rely solely on highly specialized, costly tools that amateur threat actors are not even aware of.
Attributing an attack is easier when it relies on sophisticated tools that only a few entities can access. With open source intelligence, however, it is difficult to tell whether data is being collected from various open sources at all, or who has searched for unpatched systems and from where.
Free tools reveal valuable information that even the most sophisticated threat actors want. For example, open source intelligence tools like Censys and Shodan make it possible to find unpatched systems or misconfigured or unprotected internet-connected devices in different countries. Attackers can use these tools to identify weaknesses in the supply chain of otherwise well-protected organizations.
The dark web also offers a lot of information for sale, such as credentials and access to vulnerable servers. Essentially, someone else does the hard work, and then anyone, even a beginner, can buy their way into corporate networks.
The human side of open source intelligence
Devices and technology aside, attackers can use open source intelligence to find information about people in order to develop social engineering attacks such as spear phishing. For example, attackers can identify the executives of their target company with a simple Google search. They can then find those executives’ social media accounts to learn more about their family, friends, location, interests, and hobbies. When attackers know a lot about their victim, they can easily craft a social engineering attack that is very hard to detect.
For example, threat actors can target an employee who shares their cooking skills on social media. The attackers can email them a discount voucher for a supposedly new gourmet shop. It looks like a harmless PR email, but it can deliver malware that opens a backdoor on the employee’s device. The consequences can be disastrous if the victim is connected to critical infrastructure or to a third-party partner. Defenders need to protect not only technology, but people too.
Threat actors are literally striking close to home
The shift to working from home has led to a global cybercrime pandemic. Outside the security perimeter of the office, employees who use personal devices present an easy target for threat actors. Users often leave default passwords on peripheral devices such as printers and IoT devices, including security cameras and thermostats. The default passwords for these devices can be found with a simple web search, which is all it takes to compromise them. Even a single compromised device can give attackers a firm foothold in the network.
There are also stores on the dark web that sell access to computers. One store alone offers access to more than 350,000 computers, including machines in industries such as healthcare, government and military facilities. Access to these computers reveals users’ credentials as well as information about the websites they visit, allowing attackers to launch a targeted social engineering attack.
Unaware employees working from home pose a serious threat to businesses because they often fail to follow basic security measures such as changing default passwords and installing new security patches.
Paving the way for future-proof cybersecurity
Over time, social engineering techniques are becoming more targeted, more sophisticated and no longer verifiable. Security-conscious people probably know how to check potentially fake social profiles by searching for their photos. This will soon become irrelevant as attackers start using AI tools to generate fictional faces. The cyber threat landscape is inevitably getting more complex.
Besides, remote work is here to stay. As the boundaries of the organization become more flexible, the security perimeters of companies must become more flexible as well. Organizations can maintain their cybersecurity controls by implementing a Secure Access Service Edge (SASE) architecture. More importantly, companies need to empower their employees to make smart decisions online – at the very least to prevent information from being handed over on a silver platter.
About the author
Etay Maor is Senior Director of Security Strategy at Cato Networks. Maor was previously Chief Security Officer at IntSights, where he led strategic cybersecurity research and security services. Maor also held senior security positions at IBM, where he created and led security breach response training and security research, and at RSA Security’s Cyber Threats Research Lab, where he led malware research and intelligence teams. Maor is an adjunct professor at Boston College and serves on the call for papers committees of the RSA Conference and the Qubit Conference. He holds a BA in Computer Science and an MA in Counter Terrorism and Cyber Terrorism.