SLIDE 1
1 DETECT . ANALYZE . REMEDIATE
alon@intsights.com Alon Arvatz +972-545444313
1
2
OSINT: The Secret Weapon in Hunting Nation-State Campaigns - - PowerPoint PPT Presentation
OSINT: The Secret Weapon in Hunting Nation-State Campaigns - - PowerPoint PPT Presentation
DETECT . ANALYZE . REMEDIATE OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz +972-545444313 1 1 1 What People Think 2 True or False? Threat intelligence Nation-state actors Commercial threat
SLIDE 2
SLIDE 3
3
True or False?
Commercial threat intelligence won’t help me against nation-state attacks Threat intelligence is focused on the “reconnaissance” phase Nation-state actors just sit in a secured place collaborating
- ver internal
networks
SLIDE 4
4
2 Using OSINT to Detect Attacks
SLIDE 5
5
How Nation-state Cyber Attacks Unfold?
Infrastructure Targeting Motive Recon Development Attack
The Attack Supply Chain
SLIDE 6
6
What Does This Mean For You
SLIDE 7
7
Step 1: Outrun Your Competitor
- Don’t outrun the bear, outrun your competitor.
- Benchmark your digital footprint.
- Benchmark is a crucial security need!
SLIDE 8
8
Benchmark in the telecom industry
1248 1452 1100 1150 1200 1250 1300 1350 1400 1450 1500 Telecom1 Telecom2
Leaked credentials
18 34 5 10 15 20 25 30 35 40 Telecom1 Telecom2
Employees on target lists
SLIDE 9
9
Nation-State Attacks Motivations
Damage Support for Other Efforts Intelligence Profit (??)
SLIDE 10
10
Step 2: Get Into The Attacker’s Shoes
- How does your attacker see you?
- What is your digital footprint?
- 2 steps:
- Monitor your digital foot print.
- Clean your digital footprint.
SLIDE 11
11
Exploitable Data
SLIDE 12
12
Exploitable Data
SLIDE 13
13
Clean Your Digital Footprint
SLIDE 14
14
Step 3: Monitor The Dark Web
Clear Web Deep Web Dark Web
- What is the Dark Web?
- Hackers #1 interest – Anonymity.
SLIDE 15
15
What are they doing on the Dark Web?
- Recruiting/Hiring.
- 0days.
- Staying up-to-date.
*OpCleaver, Cylance
They Are On The Dark Web!
SLIDE 16
16 *APT1, Exposing one of China’s Cyber Espionage Units, Mandiant
Recruiting
SLIDE 17
17
Outsourcing
*Exposed by Noam Jolles, Diskin Advanced Technologies
SLIDE 18
18
- Nation State Actors on the Dark
Web
- Very few posts.
- Very laconic.
- Don’t contribute.
- Looking for 0days.
- Unlimited budget.
How Can They Be Detected?
SLIDE 19
19
How Can They Be Detected?
SLIDE 20
20
Step 4: Weapon Deployment
- States collaborate on closed networks but
- rganizations are on the surface.
- In order to attack, states have to reach the
surface, and that leaves them exposed. TI can help detect:
- Phishing attacks- fake domain registration.
- Malicious mobile applications
- Fake social media profiles
SLIDE 21
21
Fake Social Media Profiles
SLIDE 22
22
How Nation-state Cyber Attacks Unfold?
Infrastructure Targeting Motive Recon Development Attack
The Attack Supply Chain
Benchmark Exploitable Data Data Leakage Phishing domains Malicious mobile apps Fake social media profiles Dark Web monitoring Exploitable Data Data Leakage
SLIDE 23
23
Operational Efficiency
- 1. Actionable visibility
- 2. Automate remediation for internal
and external systems
- 3. Metrics and visibility showcasing
security’s impact.
Eliminates Blind Spots
- 1. Optimized risk picture with an
aggregated and coordinated view across internal and external threats.
- 2. Context to effectively scope alerts
- r gauge the severity of a threat.
Enable Proactive Security
- 1. Connect external threats with your
enterprise before they attack.
- 2. Capture early warning signals.
Conclusion: OSINT Is Critical
SLIDE 24
24
Thank You
alon@intsights.com Alon Arvatz +972-545444313
1