How to Defend Against Nation State Attackers: Part Two
January 26th, 2018
[Reader’s Note:] This is the second installment in a series of blog posts describing a four-step process for using open source threat intelligence (OSINT) to create effective defenses against nation-state attackers. If you missed Part One, check it out here!
Step Two: Think and Act Like Your Nation-State Adversaries
Most people in the business world have heard of Sun Tzu, the 5th century Chinese military strategist, general, and the author of The Art of War. One of the key principles in The Art of War has great relevance for cybersecurity pros battling nation-state attackers today. Loosely translated, that principle is: “To know your enemy, you must become your enemy.”
In other words, to fend off nation-state attackers, cybersecurity pros need to start thinking like they do, and mimicking their actions. Security teams must adopt their strategies and use the same techniques as their attackers by utilizing tools like Google, Yahoo and Bing to continually scour their own organizations looking for exploitable data.
Prime targets include items left exposed unintentionally on websites, such as directory listings and database schemas, and subtle on-screen mentions of the products or technologies in use, such as server versions or release numbers. Match any of these goodies with a known vulnerability, and it’s GO time.
That is why it is critically important for security teams to utilize Google Search and other tools to look at their own organization’s digital footprint just as an attacker would. OSINT resources can give you a better idea about the latest things attackers are looking for.
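The self-audit described above can be partly automated. The sketch below is an added example, not code from the original post: it checks captured responses from your own sites for the exposure types just named (directory listings, database schemas, version banners). The example.com hosts and responses are constructed samples, and the patterns are assumed heuristics rather than an exhaustive list.

```python
import re

# Assumed heuristics for the exposure types named in the post (not exhaustive).
DIR_LISTING = re.compile(r"<title>\s*Index of /|Directory listing for /", re.I)
SCHEMA_DUMP = re.compile(r"\bCREATE\s+TABLE\b", re.I)
VERSIONED = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")  # e.g. product/1.2.3
BANNER_HEADERS = ("server", "x-powered-by")
GENERATOR = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']*\d[^"\']*)["\']', re.I)


def audit_response(url, headers, body):
    """Return a list of (url, finding, evidence) for one captured response."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in BANNER_HEADERS:
        value = lowered.get(name, "")
        if VERSIONED.search(value):
            findings.append((url, "version-banner", f"{name}: {value}"))
    if DIR_LISTING.search(body):
        findings.append((url, "directory-listing", "auto-generated index page"))
    if SCHEMA_DUMP.search(body):
        findings.append((url, "database-schema", "CREATE TABLE statement in body"))
    m = GENERATOR.search(body)
    if m:
        findings.append((url, "version-in-page", f"generator: {m.group(1)}"))
    return findings


# Constructed sample responses from a hypothetical organization's own sites.
SAMPLES = [
    ("https://www.example.com/", {"Server": "nginx"}, "<html><title>Home</title></html>"),
    ("https://files.example.com/backup/",
     {"Server": "Apache/2.4.10 (Debian)", "X-Powered-By": "PHP/5.6.30"},
     "<html><title>Index of /backup</title><a href='db.sql'>db.sql</a></html>"),
    ("https://files.example.com/backup/db.sql", {"server": "Apache/2.4.10 (Debian)"},
     "CREATE TABLE users (id INT, email VARCHAR(255));"),
    ("https://blog.example.com/", {},
     '<meta name="generator" content="WordPress 4.7.1">'),
]


def audit_all(samples=SAMPLES):
    """Audit every captured response and flatten the findings into one list."""
    return [f for url, h, b in samples for f in audit_response(url, h, b)]


if __name__ == "__main__":
    for url, kind, evidence in audit_all():
        print(f"{kind:18} {url}  ({evidence})")
```

Each finding is a candidate for the takedown or configuration fix the next paragraphs call for; the first sample shows a response that exposes nothing and produces no findings.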
Security teams must be relentless not only in rooting out their organization’s exploitable data, but also in taking it down quickly and thoroughly. This goes for all sensitive data relating to your organization, wherever it exists online. Keeping tabs on OSINT data can tip teams off to online locations where exploitable data about their organizations lives, such as text storage and sharing websites like Pastebin.
While OSINT can help you to find these items, it’s up to you to take them down or out of play quickly. That’s where it helps to have vendors or partners who have relationships with the people behind these web entities and who can hasten clean-ups.
The key takeaway is to think like your enemy and understand that they are continually on the hunt for exploitable data to use against your organization. Use the same tools (including OSINT) to find the same sensitive data – and then be quick about getting rid of it.
That’s one of the ways OSINT can help you and your team to find exploitable data in your organization’s digital footprint and deal with it before your nation-state attackers can. If you win these battles, you’ll win the war.
Looking to learn more about the four steps? Check out our whitepaper!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.