Attackers go undetected with OSINT. Image by Pete Linforth on Pixabay
OSINT (Open Source Intelligence) is the process of obtaining, collecting, analyzing and summarizing freely available information from public sources such as the Internet.
OSINT techniques are a proven means for security teams to discover internal data and infrastructure information that should not be public.
What data should not be visible to third parties?
This includes internal resources such as open ports and networked devices. A lot of information can also be found on a company's own websites and social networks and, more recently, Chat GPT, which it is better not to publish.
Unfortunately, OSINT does not only provide administrators or security teams with valuable information about a company's infrastructure. Hacker teams also benefit from freely available information from the various sources of the Internet.
Using OSINT is perfectly legal as long as no personal data is obtained from social media, for example.
What is the danger for companies in the information obtained through OSINT?
Very common among hackers is the search for security vulnerabilities such as unpatched devices, open ports, misconfigured cloud storage or even accidentally published information to locate potential attack targets.
For the attacker, this form of data acquisition is absolutely risk-free. There is virtually no risk of being discovered.
Combined with other information about employees obtained from social media, attackers get a clear picture of suitable victims and the optimal tactics to attack the company.
What should companies do now?
In order to identify potential attack vectors on their business or customers, OSINT must become a central part of cyber risk management. The problem here, especially for smaller and mid-sized companies, is the enormous amount of data needed to analyze this data.