The Intersection of AI and OSINT: Advanced Threats On The Horizon


Intelligence operations have undergone a profound transformation. Gone are the days when intelligence gathering relied purely on information obtained from human and other restricted sources. Today, much of the intelligence is publicly available – if one knows where and how to find it. This practice, known as Open Source Intelligence (OSINT), has emerged as an essential tool, especially in cybersecurity.

Traditionally, OSINT has proved to be a powerful tool for defenders. Security teams use it to proactively research publicly available information so they can thwart threat actors by preempting their moves. On the flip side, studies reveal that bad actors, too, have been leveraging OSINT to target organizations and their key executives.

How Are Bad Actors Using OSINT?

Scammers and cybercriminals constantly monitor public information to gather insight on people, businesses and systems. They research social media profiles, public records, company websites, press releases, etc., to identify vulnerabilities and potential targets. Information that might seem harmless (a job change, a location-tagged photograph, stories in the media, online interests and affiliations) can be pieced together to build a comprehensive profile of a target, enabling threat actors to launch targeted social engineering attacks.

And it’s not just social media that threat actors are tracking and monitoring. They are known to research things like leaked credentials, IP addresses, bitcoin wallet addresses, and exploitable assets such as open ports, vulnerabilities in websites, internet-exposed devices such as Internet of Things (IoT) devices, servers and more. A range of OSINT tools is readily available for discovering information about a company’s employees, assets and other confidential information.

The Introduction of AI And How it Changes OSINT

While OSINT offers significant benefits to cybercriminals, collecting and analyzing publicly available data is a real challenge. Sometimes information is easy to find; sometimes extensive effort is needed to uncover loopholes and buried information. OSINT can arrive in the form of audio, video, images, or comments on social media and online forums. It could be maps, IP addresses or geolocation data.

Integrating artificial intelligence with OSINT can enhance the ability to collect, process and analyze massive amounts of publicly available information. AI can also help uncover hidden patterns and make predictions from large datasets. While this significantly boosts the defenders’ ability to gather and analyze security data points, attackers can also leverage AI-enabled OSINT in their malicious endeavors.

Potential Use Cases of AI in OSINT

Let’s understand some use cases of how AI can be weaponized in OSINT:

Advanced Spear Phishing Campaigns: AI-powered OSINT enables bad actors to create highly personalized spear phishing campaigns. For example, an organization hires a senior leader to run their finance department and issues a press release. Bad actors abuse this information to target members of the finance team.

Account Takeover Attacks: Attackers can harness AI to search for stolen credentials in password dump files. Once credentials are acquired, they can use methods like credential stuffing in combination with AI to automate the testing of those credentials against hundreds of different websites, resulting in widespread account compromise.

Supply Chain Compromise: Bad actors can use AI-based OSINT tools to identify loopholes and vulnerabilities in vendor infrastructure. This enables them to target organizations with a weaker security posture, allowing them to break into significantly larger entities and bypass their robust cybersecurity controls.

Social Engineering Using Deepfakes: Organizations commonly release video interviews of senior executives. Bad actors can use such media to forge deepfake identities that can be operationalized in sophisticated social engineering attacks. Reports show a massive spike in deepfake calls using voice cloning technology.

Target Selection: A ransomware syndicate or a state-sponsored threat actor can use AI web scraping tools such as Scrapy, Diffbot, and Apify to gather data about an organization’s key personnel, infrastructure and other public information. This information is used to tailor attacks that target specific weaknesses.

Attacks on Vulnerable Infrastructure: Using AI-powered tools, attackers can analyze an organization’s infrastructure in real time: its devices, routers, firewalls and webcams, or anything else connected to the internet. They can seek out vulnerabilities, misconfigurations, open ports, unpatched devices, etc., and design evasive malware, APIs and other tools to exploit this exposed infrastructure.

How Can Organizations Improve Defenses Against AI-Powered OSINT?

Adopting best practices can help organizations improve their defenses against AI-powered OSINT.

  • Regular OSINT Audits: Conduct thorough OSINT audits on a recurring basis to identify and mitigate the information and risks that attackers can exploit or use in their attacks.
  • Regular Security Training: Subject employees to phishing simulation exercises and regular training programs. This will improve security awareness, intuition, reflexes and resilience in employees.
  • Regular Review of Supply Chain Posture: Monitor and assess the security posture of supply chain partners at regular intervals. Implement robust security standards for all third-party integrations.

As AI technologies mature, threat actor OSINT tactics and techniques will certainly advance. Security teams and organizations will also be empowered by AI-based OSINT tools. By implementing proactive measures such as regular OSINT audits, employee training, and thorough reviews of supply chain partners, defenders can effectively prepare themselves for these impending challenges.
