Protecting Your Organization With Open-source Intelligence (OSINT)

We live in the age of the internet where information is at your fingertips or a click away. There’s no doubt knowledge is power but knowledge can also be used as a weapon to do harm. In this post, we’ll talk about one such category that gives power but also brings risks - Open-source Intelligence (OSINT). Threat actors can use OSINT to gather a wealth of information about their targets, which can be used to launch highly targeted and effective attacks. This is why you need to be aware of the potential risks associated with OSINT and learn protecting your data with OSINT.

We’ll first understand what OSINT is, then see how OSINT is used for different intentions by penetration testers and threat actors. And finally, discuss some steps that can be taken to further secure your organization with the help of OSINT.

What is Open Source Intelligence?

Open Source Intelligence (OSINT) is a type of intelligence gathering that involves collecting and analyzing information from publicly available sources. Although search engines such as Google and DuckDuckGo are important components of OSINT, it is not limited to what can be found on these platforms.

Different OSINT tools and platforms are used to gather different kinds of information. For example, Shodan is a platform that helps you identify and gather information about devices connected to the internet at large. Apart from specific OSINT platforms like Shodan, OSINT can also be gathered from news articles, social media posts, blogs, forums, and public records. All-in-all OSINT is any information that can be found publicly.

OSINT has become increasingly important in recent years, as the amount of information available on the internet has grown exponentially. OSINT analysts use specialized tools and techniques to collect, process, and analyze this information to gain insights and make informed decisions. Even security professionals use OSINT to focus their efforts on specific areas of interest. In order to understand this use case better, let’s see how OSINT is used in penetration testing.

How is OSINT used in Penetration Testing?

Penetration testers use open-source intelligence to understand what information threat actors can find on the target and how threat actors can use that information to identify potential weaknesses and exploit them. Once pentesters find this, they work on helping security teams to remediate the weaknesses before they are exploited by threat actors. Good quality pentesting teams use OSINT to further identify security weaknesses and help the security teams implement effective mitigations.

Some of the commonly found weaknesses using OSINT include:

• Accidental leaks of sensitive information.  
• Open ports or unsecured internet-connected devices
• Unpatched software, such as websites running old versions of common CMS products.
• Sensitive information stored in public-facing assets.

Using OSINT tools pentesters can identify to what extent the infrastructure of an organization is  exposed to the internet and what risks they bring. For example, pentesters can check if service ports such as 22 (SSH), 23 (TELNET), and more are exposed on the internet. It is always advised not to expose such service ports on the internet. But if there’s a business need for it, pentesters can test how a threat actor can exploit this.

You can use OSINT information for social engineering to identify which employees are likely to fall for phishing attacks and educate them. Although pentesters are not actively involved in such phishing campaigns, they can check if any credentials have been exposed already.

Although organizations can leverage OSINT to secure their assets and build a safer internet, the public availability of the information it provides can also fall into the wrong hands. Anything that can be found by security professionals can also be found by threat actors. Let’s take a look at  how threat actors use OSINT.

How do Threat Actors use OSINT?

Threat actors can use OSINT as a powerful tool to gather information about their targets and launch attacks. Here are some ways that threat actors can use OSINT:

Reconnaissance

Threat actors can use OSINT to gather information about their target's network, systems, and employees. This information can be used to identify vulnerabilities and attack vectors. For example, if the servers have ports exposed on the internet such as port 22 for SSH, attackers can launch a brute-force attack if the service is misconfigured. Threat actors can go through career pages and learn about the framework or technology an organization is using and focus their attack plan accordingly.

Social Engineering

Threat actors can use OSINT to gather information about employees of the target organization, such as their names, job titles, and contact information. This information can be used to craft convincing social engineering attacks and highly personalized spear phishing attacks that are more likely to succeed.

Password Cracking

A majority of the world does not follow secure password practices. People often end up choosing passwords that do not meet modern cybersecurity standards. Threat actors can use OSINT to gather information about employees, such as their usernames and email addresses which can then be cross-referenced in previous platform breaches. Dumped passwords and credentials are often circulated around the internet after large data breaches (see haveibeenpwned.com). Threat actors can use this information to perform credential stuffing attacks using password dumps.

Physical attacks

Threat actors can use OSINT to gather information about the target's physical location, such as the location of their offices or data centers, the area they live in, what kind of car they drive and much more. This information can be used to launch convincing phishing or social engineering campaigns against individuals.

Applications of OSINT for Defensive Practices

OSINT can be a valuable tool for defensive practices, as it can help organizations identify and mitigate potential threats before they become actual security incidents.

Here are some steps you can take to protect your organization using OSINT.

Choose the Right Tool(s)

Identify the OSINT tools and techniques that work best for you to identify what data you are looking to protect and how you want to use this information to improve security.

Some of the common OSINT tools that you might want to consider are:

• Shodan: Shodan is a search engine that provides information about devices connected to the internet such as protocol, hardware, and much more.
• ZoomEye: An alternative to Shodan.
• theHarvester: This tool helps determine the external threat landscape of a domain.
• Maltego: Maltego is a powerful visual tool that collects data from many OSINT sources, aggregates it, and creates correlations between the data and individuals.
• ReNgine: It is a tool that focuses on discovering attack surfaces and identifying vulnerabilities in web applications. It is highly customizable and makes use of engines, reconnaissance data correlation, continuous monitoring, and reconnaissance data backed by a database.
• Spiderfoot: It is an OSINT automation tool that can scan for IP addresses, domain/sub-domain names, hostnames, network subnets, ASN, email addresses, phone numbers, usernames, and bitcoin addresses.
• Google Dorking: Google Dorking or Google hacking is the technique of using advanced search queries to find information indexed by Google.
• ChatGPT: Hackers are commonly using DAN-based attacks to bypass the ethical limitations of ChatGPT, turning it into the most powerful OSINT tool yet.
• Ghunt: It is an OSINT tool that finds as much information about an individual from their Google profile.

Gather intelligence

Search for OSINT about your organization and see what you can find. Determine what information your organization is okay with being public, if the organization has control over this information, and how well the organization can control these information pieces.

You can gather information about your organization’s network, systems, and employees from an attacker's perspective. Use this information to identify security weaknesses that an attacker could exploit and prioritize remediation.

Implementation

After gathering information using OSINT tools and techniques, you make a list of all the information that threat actors can use for their benefit. You can make the following implementations:

1. If you are not okay with the public data and have control over the data, configure the systems in such a way that it does not disclose the information you do not want to be public.
2. Prioritize the security weaknesses and work on mitigating them.

Some of the OSINT services also allow you to block your organization from being scanned if you’re not comfortable with it, but this ultimately does not solve the problem of having publicly exposed services/sensitive information.

Continuous Cybersecurity Training

Last but not least is continuous cybersecurity training. You can identify all the vulnerabilities and fix all the security loopholes but if your employees are not aware of how to deal with potential attacks, you are still at great risk. OSINT can help you understand what information is out there and how it can be leveraged. Based on this, train the employees on how to identify and deal with potential attacks and create SOPs. Additionally, you can have the compromised credentials changed as soon as possible and educate them on secure password practices.

Conclusion

OSINT is a boon and a bane to an organization’s security. You can use OSINT to identify points of interest to improve security –  however, threat actors can use the same information which can be used to launch highly targeted and effective attacks. This is why it's important for organizations to be aware of the potential risks associated with OSINT and to take steps to protect their sensitive information.

Through this post, we’ve understood what OSINT is, how penetration testers and threat actors use OSINT differently, and finally discussed some steps to take for protecting your organization with OSINT. Performing high-quality penetration testing can help you avoid catastrophic cyberattacks. If you’re looking for a solution like this, check out Software Secured’s Pentesting service.