Your company's private information might be available to anyone in this world, do you know that?
OSINT helps us to see what the hackers can see. To protect yourself, your company, or your staff, you need to know what is out there about you. OSINT helps us to gather this intelligence.
Don't worry if you don't know what OSINT is and Why you should use OSINT. After reading this post, you'll know what is OSINT and How you can use it to protect your organization. Let's get it.
What is OSINT?
OSINT stands for Open Source Intelligence. It is a collection of intelligence gathering tools and techniques that rely on publicly available information.
There are many open-source tools that can help you gather open-source intelligence. As OSINT is a term used to describe the practice of gathering intelligence from open sources, it won't be considered a cybercrime. If you know how to do proper research and where to look for the information then it will be easily available.
OSINT is legal as you are only viewing the information which is available publicly, you are not trying to view some private information or user credentials without users' permission. OSINT is free to everyone and everyone can use it.
You are only reviewing the public information and not trying to break into someone's account to read private messages.
Open-source intelligence can be gathered from various sources like social media, the internet, research journals, and mass media. It can also be gathered from sources such as state or national government search tools such as California’s Secretary of State Business Search and the United Kingdom’s Companies House Company Search.
This can be done in many different ways, and it can be either passive or active collection: Passive OSINT involves watching what happens in public places, reading public information, and collecting data that you come across on the internet. Active OSINT involves the use of more advanced techniques like cyber-espionage and hacking for the purpose of collecting information about specific people or organizations.
It can be used for many different purposes:
- Identifying potential security threats
- Gathering intelligence about competitors and potential partners
- Gaining an understanding of the market
- Identifying opportunities
How can you use OSINT?
OSINT is useful for detecting vulnerabilities that are released by the disclosure of information. It can further help organizations identify any unauthorized activities.
Anyone in the organization can share vital information about the organization out in public, do you have someone who is giving away very critical information? So most of the penetration testing and Red Team security teams perform Open-source Intelligence searches for the data gathering as the first phase.
The data is public and as I said it's not considered a cybercrime then anyone can view the data of your organization. To find out how much data about your organization is out there, you need to perform OSINT searches on your organization.
Various OSINT Techniques
There are different techniques to do OSINT searches for your organization. You can start with any of the techniques, just do a wider search and then refine it to a narrower focus.
Your organization's website has all sorts of information that a threat actor can use. The "About Us" page might have the history of your organization or the "Meet the team" page has roles and names along with the email addresses of each of your employees. You can obtain list o clients from the testimonials page and you can find social media profiles of the employees working in your organization.
A threat actor can send an email to one of the employees using the email addresses gathered from the website. The threat actor can pretend to be a senior member of staff and can demand any private files or money. this attack is also called the spear-phishing attack that threat actors use.
Documents and photographs on social media and blogs need to be properly examined for information that cannot go public. Computer screens, boards, documents, and identity badges can reveal information to a threat actor.
Social media sites like Facebook, Twitter, and LinkedIn can give a lot of information easily. A post on social media for any of employee's birthday or any organization-related post can be useful for a threat actor. The threat actors can easily know the name and birth date of that person and now can predict the password might be "name@1998" or "name1998".
Threat actors can use social engineering to get unauthorized access to your organization's building or company information.
OSINT Toolkit
There are various OSINT tools and most of them are in Kali Linux. Other tools are available on GitHub or as stand-alone installs. You need to use Linux because most of them are Linux only.
- Shodan: It is a search engine used to detect insecure devices, particularly Internet of Things devices.
- Google Dorking: Google dorking or Google hacking uses advanced search techniques to find items that have been indexed by Google yet don’t show up in normal searches,
- Ghunt: it lets security professionals gather targets Google's "footprint" using only the email address.
- ReNgine: ReNgine can perform scans by combining data from across several tools, then displaying the results. This gives you a unique view of their content such as social media pages or articles they've written
- theHarvester: Helps to “determine a company’s external threat landscape on the internet” by gathering “emails, names, subdomains, IPs and URLs”
- ZoomEye: An alternative of Shodan.
- Social Mapper: Social Mapper uses facial recognition to track targets across multiple social media platforms, which are free but require you to register.
- Spiderfoot: An OSINT automation tool is a software solution that allows businesses to perform intelligence gathering on endpoints and other locations as of concern.
- Maltgo: Maltego collects information from your OSINT sources, organizes it, and provides you with a visualization of a set of links between people and other related data.
- Sublist3r: Python-based sub-domain enumerator
Conclusion
Alright, Now you know how threat actors can use OSINT to attack your organization and how you can prevent it.