About OSINT.



Fixxx


What is OSINT?
OSINT (open-source intelligence) involves gathering and analyzing information from various publicly available sources. This could include newspapers, magazines, television, radio, official organization data, scientific research, conference reports and more. In recent years OSINT has primarily focused on collecting and analyzing information published on the Internet, especially through public communication platforms like chat rooms, forums, social media and messaging apps. A wide range of people engage in OSINT, including journalists, scientists, civil activists, intelligence officers and analysts from government and commercial organizations. OSINT is a valuable tool for information gathering, but how that information is used is what makes it interesting.


OSINT and Information Security.
OSINT can be used to prepare targeted attacks on your organization. To execute a successful operation, cybercriminals require substantial information about the target organization. Particularly when attackers rely less on technologically advanced tools like expensive zero-day exploits and sophisticated malware and more on social engineering tactics, OSINT often becomes their primary tool. One of the most valuable sources of open data when preparing an attack on an organization is the social media activity of employees. In particular, LinkedIn can provide a wealth of information about the company's organizational structure, including names, positions, work histories, social connections and other valuable information about employees. For example, in the highly publicized Twitter hack a couple of years ago, attackers used LinkedIn to identify Twitter employees who could provide access to the internal account management system. They then leveraged social engineering and phishing techniques to obtain the necessary login credentials for account hijacking.


How to protect from OSINT?
OSINT is primarily a passive information gathering method, making it challenging to defend against. However, there are steps you can take to mitigate the risks associated with OSINT.

1. Training and Awareness.

Given that OSINT often relies on social media platforms, training about the risks of sharing sensitive information on social channels is crucial. Additionally, educating about potential threats and how to protect against them is essential. You should be cautious of phone calls, emails and text messages that prompt you to take potentially risky actions. You should understand that even if an email contains real information about the company it doesn't necessarily mean that the sender is a legitimate colleague. Information could have been gathered from open sources.

2. Counterintelligence using OSINT.
Over the past decade the cybercriminal world has become highly specialized. Some people create malware, others collect data, and still others buy it all on the darknet and use it for specific attacks. But the fact that someone has collected information about you is a great indicator of an impending attack. So monitoring OSINT activity can provide valuable insights into potential threats. For instance, if someone is attempting to sell data about your organization it may indicate an imminent attack. By conducting your own reconnaissance you can prepare for potential malicious actions.

3. Segmentation, Rights Management and Zero Trust.
Reducing the potential damage from OSINT and social engineering attacks involves limiting their spread within your network. Proper network segmentation, defining security policies for each segment and restricting data movement between segments are essential. Effective user rights management, implementing the principle of least privilege and periodically reviewing user permissions based on role changes are crucial. Transitioning to a Zero Trust model (where no device or user is inherently trusted inside or outside the corporate network) can enhance security.


Conclusion.

OSINT can be a powerful tool in the hands of cybercriminals. It's essential to be aware of this threat and take steps to minimize potential damage. Protecting your organization from OSINT requires:
  • Providing comprehensive training on information security.
  • Establishing internal communication channels for cybersecurity updates.
  • Monitoring data collection about your organization and its potential sale on the darkweb.
  • Implementing measures such as strict user rights control, network segmentation and ideally adopting a Zero Trust approach.

 