Open Source Intelligence Applied to Cybersecurity
Introduction
Although the application of Open Source Intelligence (OSINT) to cybersecurity is not something most businesses will use every day, it is an area worth understanding, since it is a vital resource for staying on top of events and threats that may affect a business. The vast majority of businesses will not collect OSINT themselves but will rely on specialist reporting. This post aims to give an overview of it. OSINT can be defined as intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.
OSINT Types
OSINT can be classified – according to where the public data is found – into the following categories:
- The internet is the main place where OSINT resources are found. Internet resources include the following and more: blogs, social media websites, digital files (photos, videos, sound) and their metadata, technical foot-printing of websites, webcams, deep web (government records, weather records, vital records, criminal records, tax and property records), dark-net resources, data leak websites, IP addresses, and anything published online publicly.
- Traditional media channels such as TV, radio, newspapers, and magazines.
- Academic publications such as dissertations, research papers, specialised journals, and books.
- Corporate papers such as company profiles, conference proceedings, annual reports, company news, employee profiles, and résumés.
- Geospatial information such as online maps, commercial satellite images, geo-location information associated with social media posts, and transport (air, maritime, vehicle, and railway) tracking.
Ethical Hacking
Ethical hacking is the utilisation of OSINT search techniques and tools to discover weaknesses in friendly IT systems, so that such vulnerabilities can be closed before threat actors discover them. Commonly found vulnerabilities include:
- Accidental leaking of sensitive information on social media sites. For example, an unaware employee may post a personal photo taken in the server room showing the type of security devices used to secure the corporate network.
- Open ports and insecure running services, which can be discovered when scanning the subject network for vulnerabilities using specialised tools.
- Outdated operating system versions, software and any content management systems already in use.
- Leaked information found on data leak repositories or across the dark-net.
With open-source intelligence tools, the investigation phase has the potential to become streamlined. There is a chance that OSINT tools could decrease the number of permutations and combinations concerning the data gathered from publicly available sources. OSINT can be used to help discover cyberattacks such as phishing and ransomware attacks being directed at a business or organisation.
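The outdated-software item in the list above can be checked against your own site's public footprint. The following is an added example, not code from the original post: it scans HTTP response headers and HTML for exposed product version strings. The function name, the header list and the sample response are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Response headers that commonly carry product/version banners (assumed list).
BANNER_HEADERS = ("server", "x-powered-by", "x-generator")
# Matches "Apache/2.4.41", "PHP/7.4.3" or "WordPress 5.8.1" (dotted versions only).
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.+-]*)[/ ]v?(\d+(?:\.\d+)+)")


class _GeneratorMeta(HTMLParser):
    """Collects the content of <meta name="generator"> tags."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.values.append(a.get("content", ""))


def find_version_disclosures(headers, html):
    """Return (source, product, version) for every version string exposed."""
    findings = []
    for name, value in headers.items():
        if name.lower() in BANNER_HEADERS:
            for product, version in PRODUCT_VERSION.findall(value):
                findings.append((name, product, version))
    parser = _GeneratorMeta()
    parser.feed(html)
    for value in parser.values:
        for product, version in PRODUCT_VERSION.findall(value):
            findings.append(("meta generator", product, version))
    return findings


# Constructed sample response from a hypothetical company web server.
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)",
                  "X-Powered-By": "PHP/7.4.3",
                  "Content-Type": "text/html"}
SAMPLE_HTML = ('<html><head><meta name="generator" content="WordPress 5.8.1">'
               "</head><body>Hello</body></html>")

if __name__ == "__main__":
    for source, product, version in find_version_disclosures(SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{source}: {product} {version} is publicly visible")
```

Each finding is a version that anyone can read from the outside, so it is worth comparing against the vendor's current release and suppressing the banner where the server allows it.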