IT Security Guru

The concept of Open Intelligence

by The Gurus
June 4, 2020
in This Week's Gurus

Through robust research and commercial engagements covering eight years, Cytelligence are able to attest that the element of Open Source Intelligence [OSINT] is not only a major source of exposure and a potential point of exploitation, but it can also be key in the majority of successful cyber attacks against random, and/or selected targets.

It is in this area that one piece of work was produced on this journey to prove the exposure; it went on to outline some of the areas of potential exploitation which were made available to potential attackers.

It is also of added value to introduce the results of a mini survey which was conducted in November 2014, where 80 delegates were asked to confirm if their organisations considered, and/or protected against, the threats posed by OSINT. The response was, however, low, with only five per cent confirming that this had been considered as a potential exposure – which seems to indicate that we may have a breakdown in understanding the actual risk posed by this potential of proffered insecurity!

What is it?
Applying OSINT seeks to leverage whatever titbits and data leakage are occurring from an organisation, through both direct means and the more subliminal indirect representations where interesting data objects are unintentionally exposed or, say, embedded within a publication in the form of metadata which finds its way into the public domain.

Remember, no matter the deployment of firewalls, IDS/IPS, or those systems considered to be silver bullets in the form of hardware security modules, they offer no real protection against this threat.

Like any military operation where intelligence may be sought prior to a mission against a target, cyber criminals and adversaries also follow this same model, seeking out intelligence against a target pre-launch of their attack. Therefore this maximises the potential of success of exploitation by identifying areas of interest in the form of locating hidden assets, servers, information or gateways into the intended target via some third party link, or association.
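
As an added illustration of the metadata exposure described above (this is not code from the article or from Cytelligence), the following Python sketch audits an Office Open XML file before publication and blanks the identifying properties. It assumes the document is a .docx/.xlsx/.pptx package; the field list and every sample value are constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # use defusedxml for files you did not author

PARTS = ("docProps/core.xml", "docProps/app.xml")  # OOXML property parts
# Element names that tend to identify people, organisations or builds.
SENSITIVE = {"creator", "lastModifiedBy", "Company", "Manager", "Application", "AppVersion"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def audit_metadata(data):
    """Return {property: value} for populated identifying properties."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in PARTS:
            if part in pkg.namelist():
                for el in ET.fromstring(pkg.read(part)).iter():
                    if _local(el.tag) in SENSITIVE and (el.text or "").strip():
                        found[_local(el.tag)] = el.text.strip()
    return found

def scrub_metadata(data):
    """Copy the package, blanking flagged properties; other parts unchanged."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            body = src.read(name)
            if name in PARTS:
                root = ET.fromstring(body)
                for el in root.iter():
                    if _local(el.tag) in SENSITIVE:
                        el.text = ""
                body = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(name, body)
    return out.getvalue()

def build_sample():  # constructed sample package; every value is made up
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/'
            '2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:creator>j.smith</dc:creator><dc:title>Annual Report</dc:title>'
            '<cp:lastModifiedBy>CORP\\jsmith</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/'
           'extended-properties"><Application>Microsoft Office Word</Application>'
           '<Company>Example Ltd</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in zip(PARTS + ("word/document.xml",), (core, app, "<w/>")):
            z.writestr(name, body)
    return buf.getvalue()
```

Running `audit_metadata` over everything queued for the public website shows which usernames, domain prefixes and software builds would otherwise leave the organisation with the file.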

Exposed builds and upgrades
Whilst conducting internal examinations of organisational assets, it can soon become clear that the standard build on most corporate systems can be flawed by the installation of features which offer a high potential for exploitation by both internal attackers and any external attacker who has managed to circumvent the perimeter of security.

In these manifestations, there are two very powerful and common tools which may be located on around 90 per cent of desktop builds: one of which is a key target for any attacker penetrating the supposed protected environment, to leap over to other co-located assets, or to deploy some malicious tool, application, or even a disk imaging application over the network whilst the administrators sleep.

There are also some potential leakages which are associated with a simple upgrade to Microsoft Office 2010, which in one high profile case allowed their internal personnel to export any classification of data to a selected internet connected private/personal under the very noses of their expensive deployment of a Data leakage Service, and not to mention the firewall, IDS/IPS and HSM [Yes no silver bullets in sight here].

The real point about such misconfigurations was proven during a research project with advanced evasion techniques, where it was demonstrated that by manipulation of the IP stack, it was possible to circumvent the protection of up-to-date perimeter devices, in order to gain access to LAN-based assets in the form of servers, laptops, and desktops.

It was from this point in the attack where one could generate a shell with a piece of well-known malware, and then fire up a default-build resident tool to further infiltrate the protected environment. Just in case you are wondering about the anti-malware protection under employment on some of these selected server targets, in some cases, they have been found not to have been provisioned with protection, thus old and useful malware agents such as Conficker still work to this day – even in large UK based PLCs!

We have seen much in the press relating to cyber attacks, compromises, and incursions – and it is time to take this very seriously. As time has proven, governance and tick-box security standards are simply not working. It is time, in my opinion, that we all take steps to ensure our cyber security skills are lowered to respond to the threat!

Gasp, yes, that is right – I said ‘lowered’ – which means we move away from the high-level view driven out of standards like PCI-DSS, and the veneer of the old tag line ‘we follow the spirit of ISO/IEC 27001’, and get back to basics – lower and tune our cyber-skills to a level where we understand security, the associated threats, and the security attributes we may harness to combat the potential incursions before they happen.

Many of us now agree that in 2014 and onward, there are only two types of organisation attached to the Internet: those who have been hacked; and those who will be hacked. The real question is, which category does your organisation fall into?

Professor John Walker is a member of the British Computer Society Elite Group 
