ThreatBites 02 - Technical Threats

Today we're covering Technical Threats in the latest ThreatBite with the DarkInvader Research Team. This blog highlights what the shift in cyber attacks means for the technical threat landscape and what can be done.

OSINT and Technical Threats: The Shift in Peoples Threat Landscapes and the Increase in Ransomware Attacks

Online activity has increased massively over the most recent years, with the development of social media as well as technological advances. This has encouraged a huge increase in general attacks, with people's personal information being more accessible. This blog highlights what the shift means for the technical threat landscape and what can be done.

How Have Technical Threats Shifted?

Technical threats have shifted from a time when cyber attacks were very mild, shutting down a computer at most, to the most recent years where cyber attacks can shut down a whole business through one piece of information. With more sophisticated attacks such as Ransomware and Phishing, this is a huge worry for individuals, especially business owners.


Technical threats are a huge part of our research here at DarkInvader, as they pose a large threat, especially in the last year or two, this has become a huge part of people's landscapes including an increase in ransomware attacks and hacks in general. This has mainly come from that there has been a deeper understanding of what your profile infrastructure looks like and your threat landscape through the use of social media and online profiles. It's incredibly important to the team here at DarkInvader, to look for any subdomains, IP addresses that can be tied back to your business, and use a variety of tools to collect that information in order to protect your identity from the risk of cyber attacks.

Open Source Intelligence

Open Source Intelligence is the process of collecting, analysing and making use of information that is publicly available. This can be done through a number of ways, such as social media monitoring and advanced Google searches. This process is important as it can help you to understand what type of information is publicly available about you or your business, and how this could be used against you in a cyber attack.


It is becoming increasingly difficult to protect yourself from technical threats, but by understanding the shift in the landscape, and utilising Open Source Intelligence, you can put your business in a good position to fight off cyber attacks.


The amount of information the DarkInvader team can gather is significant, without even using any pen-testing techniques. From this, you can follow the path of an attack which is then fed back to you through the portal. OSINT gathering is passive information gathering. So if you're able to map the attack surface without touching your target, then there is a big advantage to that.

What Can be Done?

The first, the most obvious one is you have to have a clear understanding of your public infrastructure, so that is crucial. What firewall rules are in place? And what information is out there? Having this information helps protect yourself from potential attacks. It's massively important to be aware of the information that has been gathered.


DarkInvader offers a more Threat Intelligence approach. This is so we're able to give you a better understanding of how these things might tie together and for you to know what kind of things you can do about it. Ultimately, it's all about knowing what's out there and having a good awareness of what information is available on the public web & how this could be a potential threat to your business. Without that awareness, it's hard to start building up a security programme.


Transcript

Hello, and welcome to the second episode of OSI deep dives. Today, Garth and Liam will be talking about the technical threats. Liam, shall we start with you?

Thank you very much of your introduction there, there. And then we'll Yeah, so technical threats. So Can other technical precursor is another big part of the open source intelligence we do here at dark and beta, the dark web obviously poses a large threat. And those kinds of technical attacks, especially over the last year, year and a half, two years, have become a massive part of people's threat landscapes, the increase in ransomware attacks, the increase in just kind of hacks in general, have meant that having a deep understanding of what your kind of peripheral infrastructure looks like what your technical landscape looks like, is incredibly important. And and that's part of what the team never hear a darkened Bay to do. So we are looking for any subdomains that you might have forgotten about, we'll look for IP addresses that can be tied back to your to your business. And we use a massive variety of tools to collect all of that information and really, and then push that through to you via the portal. The tools such as that are pretty well known such as showdown or CRT dice, H are all collated and then used to feed that back. And the vulnerabilities that naturally we're not we're not pentesters, obviously, we have a background in pentesting. From we're just looking at it from from an open source intelligence perspective. But you'd be amazed at the amount of information we can gather without ever doing anything that would be considered fantastic stuff sites, again, we'll try to answer those so sage Wayback Machine, they all log things like headers, and various services that are open. And by just by inspecting those, you can start to see how what an attacker would do how what kind of path they'd go down, in order to, to stop causing damage. And that can then be fed back to you via the portal. So you get to start to build up this picture of what your friends threat landscape really looks like

with, with open source intelligence gathering this, the vast majority of it, if not all of it is is passive information gathering. They think I think that's, that's quite important here. And Liam mentioned about pen testing and pen testers will they'll run Port Scans, you know, we're very active, there'll be there'll be banging on the door trying to map out the external infrastructure, what what services do you have publicly facing, you know, what ports are open, and what they're hoping to find, like Port 445 or RDP or something, you know, that they can attack that there's likely to have some kind of a vulnerability, but, you know, doing that is is noisy. I mean, you know, you can go via proxies, you can go by VPNs, and all sorts of ways to try and mask your kind of where you're coming from, but again, is it still active, it still is still noise is there is still an element of risk there. So if you're able to map that, that attack surface without touching your target, then there is there out there that there's a big advantage to that. And, you know, depending on what, you know, what your objectives are, as, as, as Liam mentioned, there is and why why do that yourself when there are all of these bots, all of these solutions and things out there scanning the internet, you know, showed up being a huge, a huge source of information that you can, you can start to map this attack surface via these, these other these other tools, and with absolutely no risk. And, you know, the kinds of things they're looking for that you mentioned about subdomains there that that's quite a big one pentesters with brute force subdomains, they will run to a big word lists, dictionaries, create loads and loads of requests, but that information is ordered that has been done already. That information is already there. So you just need to go and grab it. You don't need to do it yourself. And you're looking for things like test.or, FTP door VPN diode VPN, big big one. Yeah. Is there is something your that the company is hosting publicly that could get you onto that internal network, you know, that really juicy targets? And, you know, we need to keep keep in mind that these ransomware attacks a lot of the time they are not hugely elaborate attacks. Some of the most the biggest tax have recently have simply been that the attackers discovered a public facing VPN poll with no two factor and views credentials that were there on the dark web that you know, they've been leaked in other other breaches. It was really really straightforward but incredibly effective attack. And you know, the this initial stage of of gathering reconnaissance of mapping out that attack surface is is so, so critical to any attack, but the more information you have, the more likely you are to succeed.

Absolutely, absolutely. And as a touched upon that, you are ultimately, it's very difficult to protect against suddenly, if you don't know that somebody's coming after you. And your ancestors, they do create massive amounts of noise, you're effectively walking into a room with two bad pound smashing them together, here, watching any kind of logs, then you'll see that pretty much immediately you can start to mitigate against these things. But the scan has already happened. And in fact, this happened this morning, a website had been kind of picked up as having an out of date software, but it was disclosed by some scheduling that one of the sites have been doing. And it turns out that that service actually vulnerable to some forms of remote code execution. That was something we picked up without ever having to even browse to the site. So you know, these things are very prevalent. The Deann as a precursor, without even touching it, you know, somebody knows that they can fire off a pre written exploit against one of your servers to gain and start, even when the staff there, that's the beginning of a ransomware attack, and very hard to notice that the locks, you know, the big things were done instant responses. Normally, you'll see a day or two of scanning before somebody actually punches to get in or even months or kind of compromises.

In terms of you know, what can be done? What can what can you do about this this kind of thing? I think the first most obvious one is you got got to have a very clear understanding of your public infrastructure. I know that sounds like a really obvious thing. But we have dealt with a lot of clients that have actually asked us to help them map it out. And so I think it's a really important exercise to define that what servers are public facing what firewall, firewall rules are in place? What what are you actually advertising out to the public, do you then that that puts you in a much better position to put controls in place to prevent attacks? And they also to do to us, you have to use these tools? A lot of them are free online, use them to see what information about your attack surface is publicly available and to not fall into a very easy trap of security through obscurity? I remember once I created a subdomain with incredibly arbitrary string. I mean, there's no way it could have been guessed, it wasn't based on anything. And, you know, discovered weeks later that it was it was on the surfaces, you know, they had come across it bizarrely, you know, I'm the slot shop this day exactly how they were discovered, Buddy was, you know, so it is very important to be aware of what information is being gathered.

Absolutely. Things like asset registers or massive wealth, if you're talking about an asset, when you go back to, to try and understanding what the threats look like, and when you prioritise these things. So just to recap sentiment that a lot of these tools are free. Now, you can, you can use those, and you can interact with them, so you can get a bit of an understanding. Obviously, Darth Vader and rep sat with them with a little bit more of a kind of threat intelligence, so we're able to. So we were able to give you a better understanding of how these things might tie together, which of course is valuable in itself, although I'm biassed in any way. But know that the kind of things you can do about it. Ultimately, it's all about knowing what's out there. But you have to have a good awareness of what is out there about what kind of threat might be biassed. And without that awareness it's really hard to start building up a security programme.

Thank you both for talking us through the technical threats. Join us next week where Gavin lane will be discussing another topic of the OSI deep dives.


blog

Related articles

AT&T Data Breach: Millions of Customers Caught up in Major Dark Web Leak

April 12, 2024

Read

BREAKING NEWS: LockBit Ransomware Takedown

February 22, 2024

Read

Is My Email on the Dark Web? How To Tell & What To Do

February 9, 2024

Read

An Introduction to AI-based Audio Deep Fakes

February 8, 2024

Read

Apprenticeship Journey's at DarkInvader

February 5, 2024

Read

Deep Vs. Dark Web: What's the Difference?

January 24, 2024

Read

Open Source Intelligence for External Attack Surface Management

January 23, 2024

Read

What is Typo Squatting?

January 15, 2024

Read

How IT Teams Can Identify Unknown Public Attack Vectors Through OSINT Gathering

January 11, 2024

Read

Why Should Businesses Scan The Dark Web?

January 9, 2024

Read

What is a Dark Web Scan?

January 8, 2024

Read

The Role of Domain Security in Phishing Prevention

January 4, 2024

Read

Unveiling The Positive Potential of The Dark Web

January 3, 2024

Read

How Threat Actors Choose Their Victims

December 21, 2023

Read

The Problem with Social Media and the Risk in 2024

December 20, 2023

Read

Unmasking Threat Actors: Safeguarding Your Business in the Digital Battlefield

December 19, 2023

Read

Risk Mitigation Strategies for Modern IT Teams

December 4, 2023

Read

The Crucial Role of Vulnerability Management in External Attack Surface Management

November 29, 2023

Read

How to Detect and Respond to Dark Web Threats?

November 23, 2023

Read

A Guide for Executives Faced with Cyber Extortion

November 22, 2023

Read

Why External Attack Surface Management is Important in Today's Digital Landscape

November 13, 2023

Read

How Deploying an EASM Solution Strengthens Your Security Posture

November 8, 2023

Read

Enhancing Cyber Defence: The Role of External Attack Surface Management

October 26, 2023

Read

The Imperative of Monitoring the Dark Web: Protecting Our Digital World

October 26, 2023

Read

10 Ways to Protect Your Online Identity

October 18, 2023

Read

Navigating Cybersecurity Breaches: Lessons from Sony’s Recent Incident

October 16, 2023

Read

What is Human Attack Surface?

September 25, 2023

Read

OSINT Tools & Techniques

September 12, 2023

Read

What is Quantum Computing?

September 12, 2023

Read

Dark Web Forums Vs Illicit Telegram Groups

August 18, 2023

Read

What is Attack Surface Mapping?

August 10, 2023

Read

LockBit Ransomware Gang

July 31, 2023

Read

What is The Dark Web?

July 24, 2023

Read

The Cyber War - Russia & Ukraine

July 17, 2023

Read

Attack Surface Reduction Rules (ASRR)

June 30, 2023

Read

Protecting Your Digital Identity: Essential Cybersecurity Practices

June 23, 2023

Read

Whistle Blowing & The Art of Online Privacy

June 21, 2023

Read

How Does Attack Surface Management Work?

June 16, 2023

Read

Why is Attack Surface Management Important?

June 13, 2023

Read

Cyber Criminals: Being Anonymous Online

June 12, 2023

Read

Exploring The Deep Web and Debunking Myths

June 7, 2023

Read

New Ransomware Group: Akira Ransomware

May 23, 2023

Read

New Form of AI: Deep Fakes

May 23, 2023

Read

Capita Hack

May 19, 2023

Read

The Monopoly Market Attack

May 17, 2023

Read

The DarkInvader Insider Video

May 15, 2023

Read

New Ransomware Strain ‘CACTUS’ Exploits VPN Flaws to Infiltrate Networks

May 12, 2023

Read

Chat GPT - What Happened?

May 11, 2023

Read

Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities

May 10, 2023

Read

Black Basta Cyber Attack Hits Capita

April 25, 2023

Read

Genesis Market and Breached Website Shut Down

April 17, 2023

Read

3CX Attack - What Happened?

April 14, 2023

Read

How Geopolitical Tensions Impact Cyber Security

April 12, 2023

Read

How to Detect and Respond to Dark Web Threats?

April 3, 2023

Read

What is Threat Intelligence?

March 29, 2023

Read

'TikTok Due to be Blocked From Parliamentary Devices and Network Over Cyber Security Fears'

March 27, 2023

Read

How Can Hackers Destroy Your Business?

March 23, 2023

Read

Top Emerging Cyber Threats for Businesses in 2023

March 20, 2023

Read

How Can Wide Digital Intelligence Overcome Challenges to Solve Crypto Crimes?

March 6, 2023

Read

DarkNet Drug Markets - Breakdown

March 2, 2023

Read

Dark Web Market Revenues Sink 50% in 2022

February 20, 2023

Read

Are Cyber Criminals Offering Jobs on The Dark Web?

February 10, 2023

Read

ThreatBites 08: Dark Web Stories & Forums

January 31, 2023

Read

Why Has There Been a Recent Spike in Ransomware Attacks

January 24, 2023

Read

A Glimpse Into the Dark Web: What You Can Find In the Marketplaces and Forums

January 9, 2023

Read

Why Should Businesses Actively Search for Threats?

December 20, 2022

Read

ThreatBites 06 - Christmas Cyber Scams

December 2, 2022

Read

ThreatBites 05 - Improving Phishing Campaigns with OSINT

November 23, 2022

Read

ThreatBites 04 - The Effects of GDPR on OSINT

November 11, 2022

Read

ThreatBites 03 - Credential Stuffing

November 7, 2022

Read

ThreatBites 02 - Technical Threats

November 4, 2022

Read

ThreatBites 01 - OSINT Overview

November 4, 2022

Read

The Ultimate Guide to OSINT and Google Dorking

October 17, 2022

Read

It’s Time to Update Your Privacy Settings

October 14, 2022

Read

OSINT and Technical Threats: The Shift in Peoples Threat Landscapes and the Increase in Ransomware Attacks

October 5, 2022

Read

Discover What Threat Intelligence Is and Why its Crucial

October 5, 2022

Read

Introduction to Open Source Intelligence Gathering (OSINT)

September 8, 2022

Read

Why Should you Monitor the Dark Web?

September 8, 2022

Read

Is it Illegal to Browse the Dark Web?

September 8, 2022

Read

What Makes DarkInvaders DarkWeb Scanning Superior?

September 7, 2022

Read

How are Hackers Using the Dark Web to Attack Businesses?

September 7, 2022

Read

How do Credentials Leak to The Dark Web & What are The Risks?

September 7, 2022

Read

What is Dark Web Monitoring?

September 3, 2022

Read

Dark Web Monitoring Questions

August 29, 2022

Read