Are we surprised that the bad guys are taking advantage of the COVID-19 pandemic and the rush into remote work at many companies that it has caused? Our new guide to critical OSINT research tools helps you to spot threats early.
For criminals and state-sponsored threat actors, the work-from-home arrangements that organizations have set up for their employees (often in a rush) present a golden opportunity.
While mandated lockdowns and social distancing are devastating businesses and their employees, purveyors of disinformation and fraudsters are thriving. Google’s Threat Analysis Group warned on April 22 of over “18 million malware and phishing Gmail messages per day related to COVID-19.”
According to that post, more than a dozen of the threat groups behind such campaigns are state-sponsored attackers. They are on the lookout for new targets every day, around the clock, and unlike most of their victims, they are not constrained by a 9-to-5, Monday-through-Friday schedule.
Most companies have not yet transitioned into a fully secured online environment, often relying on their employees’ unmanaged devices and home networks. This scenario leaves many organizations vulnerable when remote workers access corporate resources online.
Let's be real - your NSOC wasn’t designed to cover the remote “new normal”, either. The attackers know full well that your hands are tied behind your back, so to speak, while you’re trying to protect your network, and they’re taking full advantage of the crisis.
The booklet 21 OSINT Research Tools for Threat Intelligence, published by Authentic8, introduces tools and apps that help investigators scour the open, deep, and dark web under these challenging conditions.
Many researchers are already leveraging web isolation with the Silo for Research (Toolbox) platform, which provides multiple layers of protection and managed attribution capabilities to keep OSINT investigations secure and efficient. What else can they turn to in their arsenal?
In our new quick guide, our open-source intelligence specialists, analysts, and threat hunters introduce you to some of their other favorite tools. A few items in this collection are desktop clients; others are services that facilitate data mining in particular OSINT areas.
One example is Torch, which enables investigators to conduct keyword searches for hidden services only accessible through Tor. It can be used to cross-reference conversations across different .onion sites when trying to deanonymize adversaries who use Tor.
For attackers, reconnaissance and information gathering is the crucial element that determines whether or not an attack is going to be successful. Where do they get their data? In a word, everywhere on the web - from a WiFi-connected refrigerator in the (home) office to your open and vulnerable Elasticsearch Kibana instance.
The booklet we compiled for you presents an arsenal of tools for identifying vulnerabilities and obtaining artifacts that you can leverage for threat intelligence gathering. Such artifacts include geolocation data, 1day exploits, where images come from, IoT devices left exposed to the web, website changes over a given time, voter records, police records, or bitcoin transaction traces.
Examples of tips and tools in the booklet include:
How can you prevent attackers from exploiting the weakest links in your organization’s WFH environment?
What you need now are ways to spot vulnerabilities first, before your adversaries. Where is the next phishing, malware, mass exploitation campaign going to happen?
This is a good time for taking measure, by finding information left out in the open by employees that could be leveraged in pinpointed attacks on your organization.
Destroying such information from the internet can be as hard as removing piss from a swimming pool, so knowing what’s out there in the first place goes a long way towards reducing the attack surface.
Where to begin? What data are relevant? Where do we find it? How do we search for it and turn it into knowledge? We hope our free guide 21 OSINT Research Tools for Threat Intelligence will provide a solid starting point.