The sharp rise in popularity of social media and other interactive platforms in the past decade is news to no one. From open forums to live podcasts to dynamic comment sections, digital tools help people connect at all times. The global pandemic is a good example of how digital media connected a world that was physically distanced.
But they are also a point of entry for bad actors. With so much private data willingly shared, the surface area vulnerable to attack increases. Cyberattacks perpetrated by hackers who use open sources to manipulate users into giving away security information increased by 270% in 2021.
In June 2020, Twitter accounts belonging to global personalities such as Bill Gates, Elon Musk, Joe Biden, and Warren Buffet posted a message promising to double the money of those who sent bitcoins to a certain wallet. That fraudulent tweet was the result of teenage hackers convincing employees to give them their credentials and resulted in the loss of hundreds of thousands of dollars. Could a more advanced monitoring process have helped security officials to flag this breach? That is a question many security professionals are still asking.
While the Twitter hack resulted in monetary loss, it is lucky it wasn’t the work of terrorists. Consequences can be more serious for those in the security, government, and law enforcement arenas, where threats can indicate global criminality. The temperature of online chatter can also clue us into the potential for consequences in the real world, as vitriol and rhetoric may spur individual actors to “do something.” Whether you are an enterprise, a high profile individual, or even a non-profit, the ability to detect actionable intelligence and receive immediate alerts is an essential component of any security plan.
What is Open-Source Intelligence Threat Monitoring?
Open-source intelligence, or OSINT, is the gathering of information from public, legal data sources. Open sources include social media, blogs, news, and the dark web. By monitoring these channels – which are already tracked and exploited by hackers and criminals – it is possible to prevent attacks and protect your organization. Among others, OSINT includes readily searchable public data, deep web content that may require a login but is part of the public domain, and metadata from posts.
Careful monitoring of this material can uncover workplace security threats (including insider threats), protect high-level executives and officials, and curb practices like phishing attacks – which extract sensitive information that is then leveraged to install malware or ransomware.
OSINT threat monitoring is especially important because it can provide security teams with very early risk indicators of possible attacks. If you can pick up on a fake link shared in a forum or a social media profile that appears to behave oddly, you might avoid a far worse outcome down the line.
The primary challenge is sifting through the firehose of data that springs forth once you start looking. The higher the profile of the asset, the greater amount of chatter to parse through.
Using Threat Intelligence to Prevent Attacks
Monitoring a large volume of data is only the first step. Companies must then be able to quickly flag potential danger, analyze it, and neutralize threats. This is often accomplished using specially designed platforms deploying a blend of Artificial Intelligence, Machine Learning and Big Data Analytics. For example, Interfor utilizes proprietary databases with keyword-tracking features as a critical step in social media monitoring.
These AI-powered tools allow for the critical monitoring of deep web sources like chan sites and message boards that searches on traditional sites like Facebook would overlook. Open-source monitoring can also pick up potential legal threats such as lawsuits and investigations by regulators, as well as human resources threats such as protests or disgruntled employees.
But despite the technological firepower you might bring to bear, human analysis remains a key component in plugging gaps in the digital mesh and for making sense of it all. Security experts compare open-source data with closed data sources, such as internal telemetry, data gathered from the dark web, and other external sources for a more comprehensive picture. User behavior analytics are the key to learning about the context of a potential attack.
Hackers and Security Experts: A Two-Way Street
With open-source data, it is important to remember that the tools and analytics available to security teams are also available to bad actors. For example, a cybercriminal may conduct a file search for specific documents. While the search itself may be benign, they can use tools to scan for any security gaps in the code. Once they find weak spots, they can exploit them for a malware attack or to steal the identity of an employee. A well-crafted OSINT plan will quickly survey all activity comprehensively so there will be no opportunity for hackers to wreak havoc. To be successful at threat monitoring, one must think like the enemy.
Interfor’s Approach to OSINT
Interfor uses a cross-functional approach of analytic monitoring and proprietary open-source monitoring tools, including social-media monitoring and global security alert platforms. With access to more than 2000 databases globally, multiple high-powered AI platforms, geo-fencing tools, and (perhaps most importantly) a team of human analysts to make sense of it all, Interfor establishes a comprehensive security umbrella to serve as a sentinel for its clients. The security team continuously monitors the digital perimeter and proactively seeks to plug any gaps it might have, so coverage is always available.
It is a comprehensive approach, powered by experience and expertise, that is the key to a successful proactive security plan.