DETECT. ANALYZE. REMEDIATE.
OSINT: The Secret Weapon in Hunting Nation-State Campaigns
Alon Arvatz
alon@intsights.com
+972-545444313

1. What People Think …

True or False?
• Threat intelligence is focused on the “reconnaissance” phase
• Nation-state actors just sit in a secured place collaborating over internal networks
• Commercial threat intelligence won’t help me against nation-state attacks

2. Using OSINT to Detect Attacks

How Do Nation-State Cyber Attacks Unfold?
The Attack Supply Chain: Motive → Targeting → Development → Infrastructure → Recon → Attack

What Does This Mean For You?

Step 1: Outrun Your Competitor
• Don’t outrun the bear, outrun your competitor.
• Benchmark your digital footprint.
• Benchmark is a crucial security need!

Benchmark in the telecom industry
[Figure: two bar charts comparing Telecom1 and Telecom2. Panel "Leaked credentials": bars labelled 1452 and 1248. Panel "Employees on target lists": bars labelled 34 and 18.]

Nation-State Attack Motivations
• Damage
• Support for Other Efforts
• Intelligence
• Profit (??)

Step 2: Get Into The Attacker’s Shoes
• How does your attacker see you?
• What is your digital footprint?
• 2 steps:
  • Monitor your digital footprint.
  • Clean your digital footprint.

Exploitable Data

Clean Your Digital Footprint

Step 3: Monitor The Dark Web
• What is the Dark Web?
• Hackers' #1 interest – Anonymity.
[Diagram layers: Clear Web, Deep Web, Dark Web]

They Are On The Dark Web!
What are they doing on the Dark Web?
• Recruiting/Hiring.
• 0days.
• Staying up-to-date.
*OpCleaver, Cylance

Recruiting
*APT1, Exposing one of China’s Cyber Espionage Units, Mandiant

Outsourcing
*Exposed by Noam Jolles, Diskin Advanced Technologies

How Can They Be Detected?
Nation State Actors on the Dark Web:
• Very few posts.
• Very laconic.
• Don’t contribute.
• Looking for 0days.
• Unlimited budget.

Step 4: Weapon Deployment
• States collaborate on closed networks but organizations are on the surface.
• In order to attack, states have to reach the surface, and that leaves them exposed.
TI can help detect:
• Phishing attacks - fake domain registration.
• Malicious mobile applications
• Fake social media profiles

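An added example (not part of the original slides): one way a defender could screen a feed of newly registered domains for the fake-domain registrations listed under Step 4. The brand acmetelecom.example, the feed entries, the confusable map and all function names are constructed assumptions.

```python
import unicodedata
# Constructed confusable map (assumption): a few common look-alike substitutions.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold a label for comparison: strip accents and hyphens, map confusables."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c)).replace("-", "")
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, brand="acmetelecom.example"):
    """Return why `domain` resembles `brand`, or None. Assumes 'label.tld' input."""
    try:  # decode punycode (xn--) so accented look-alikes are compared
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    label, want = domain.lower().split(".")[0], brand.lower().split(".")[0]
    if domain.lower() == brand.lower():
        return None
    if label == want:
        return "tld-swap"
    got, ref = skeleton(label), skeleton(want)
    if got == ref:
        return "confusable-characters"
    if osa_distance(got, ref) <= 1:
        return "typo"
    return "brand-embedded" if ref in got else None

# Constructed sample feed of newly registered domains (not real observations).
FEED = ["acmetelecom.test", "acrnetelecom.example", "acmete1ecom.example", "acmetelecmo.example",
        "acm\u00e9telecom.example", "acmetelecom-login.example", "weatherreport.example"]

def screen(feed, brand="acmetelecom.example"):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: r for d in feed if (r := classify(d, brand))}
```

The accent folding only covers Latin diacritics; look-alikes from other scripts (for example Cyrillic) need a fuller confusables table.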
Fake Social Media Profiles

How Do Nation-State Cyber Attacks Unfold?
The Attack Supply Chain: Motive → Targeting → Development → Infrastructure → Recon → Attack
Labels overlaid on the chain: Phishing domains; Exploitable Data; Benchmark; Dark Web monitoring; Malicious mobile apps; Data Leakage; Exploitable Data; Fake social media profiles; Data Leakage

Conclusion: OSINT Is Critical

Eliminates Blind Spots
1. Optimized risk picture with an aggregated and coordinated view across internal and external threats.
2. Context to effectively scope alerts or gauge the severity of a threat.

Enable Proactive Security
1. Connect external threats with your enterprise before they attack.
2. Capture early warning signals.

Operational Efficiency
1. Actionable visibility
2. Automate remediation for internal and external systems
3. Metrics and visibility showcasing security’s impact.

Thank You