NACWS OSINT DAY1 (1) PDF

OPEN SOURCE INTELLIGENCE (OSINT ) NIGERIAN ARMY CYBER WARFARE SCHOOL H A F I Z A U WA LU KO KO Introduction to Osint What is Open Source Intelligence? Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources overt and publicly available sources to produce actionable intelligence. OSINT is primarily used in national security, law enforcement, and business intelligence, it is the modern way of gathering information about a particular target for a particular purpose. Introduction to Osint What Can we find in Osint? Email address Phone Numbers Address Identities Background Checks CONTD.. Social Accounts and Information Criminal records Scams Etc.. Importance of Email Osint Identifying Threats: Email OSINT helps in identifying potential threats such as phishing attacks, malware distribution, and social engineering attempts. By analysing email addresses associated with known malicious activities, organizations can proactively defend against cyber threats. Investigating Incidents: During security incidents or data breaches, email OSINT can be instrumental in tracing the origin of suspicious emails, tracking down attackers, and understanding the scope of the breach. It provides valuable insights into the tactics, techniques, and procedures (TTPs) used by threat actors. CONTD Attribution: Attribution is essential in cybersecurity to determine the source of attacks accurately. Email OSINT can assist in attributing attacks to specific individuals, groups, or organizations by analyzing email metadata, sender information, and patterns of behaviour. Importance of email Osint Cont.. Digital Forensics: In digital forensics investigations, email OSINT helps forensic analysts gather evidence, reconstruct timelines, and establish connections between different entities involved in a case. It aids in building a comprehensive picture of digital interactions and activities. Fraud Detection: Email OSINT is valuable in detecting fraudulent activities such as identity theft, online scams, and financial fraud. By analyzing email addresses linked to suspicious transactions or communications, organizations can prevent financial losses and protect their customers. Importance of Email Osint Cont. Threat Intelligence: Email OSINT feeds into broader threat intelligence programs by providing real-time information about emerging threats, trends, and indicators of compromise (IOCs). This intelligence enhances the organization's ability to anticipate and mitigate cyber risks effectively. Email OSINT plays a crucial role in cybersecurity, digital investigations, and risk management strategies by providing valuable insights into threats, incidents, and vulnerabilities associated with email communications. Integrating email OSINT into security operations enhances an organization's ability to detect, respond to, and mitigate cyber threats effectively. Email Osint Tools When it comes to conducting email OSINT (Open Source Intelligence) investigations, there aren't as many free tools available as there are for social media OSINT. However, here are some useful free tools and resources for email OSINT: Email Header Analyzer: Online tools such as MXToolbox's Email Header Analyzer or WhatIsMyIPAddress Email Header Analyzer allow you to analyze the headers of email messages to extract information about the sender's mail server, IP addresses, authentication details, and routing information Email Osint Tools TheHarvester: TheHarvester is an open-source tool that can be used for gathering email addresses, subdomains, and other information from public sources such as search engines, social media, and PGP key servers. It's a command-line tool that can be run locally and is useful for reconnaissance during OSINT investigations. Hunter.io: Hunter.io offers a free plan that allows you to search for email addresses associated with a domain name. It provides information such as email format, sources where the email was found, and other related email addresses. This can be useful for gathering additional email addresses related to a target or organization. CONTD Emailrep.io: Emailrep.io is a free email reputation and risk assessment tool that provides information about the reputation of an email address, including whether it has been reported as malicious or associated with suspicious activities. It can help in identifying potentially risky or fraudulent email addresses. Email Osint Tools Have I Been Pwned: Have I Been Pwned is a free service that allows you to check if an email address has been involved in a data breach or known security incident. By entering an email address, you can see if it has been compromised in any publicly disclosed breaches, which can be valuable for assessing the security risk associated with the email address. Google Advanced Search: Google's advanced search features can be used to search for publicly available information associated with an email address, such as online profiles, social media accounts, forum posts, and other digital footprints. By using specific search operators and keywords, you can narrow down search results to find relevant information. Email Osint Tools OSINT Framework: While primarily focused on OSINT in general, the OSINT Framework provides links to various tools and resources for email investigations. It includes tools for email header analysis, email tracking, email verification, and other related tasks. While these tools may not offer the same level of functionality as their commercial counterparts, they can still be valuable resources for conducting email OSINT investigations and gathering information from publicly available sources. Email Case Scenario Let's explore an email OSINT case scenario: Scenario: Phishing Attack Investigation Background: A company's employees have reported receiving suspicious emails purportedly from the company's IT department requesting sensitive information such as login credentials or financial details. Some employees have unknowingly fallen victim to these phishing attacks, resulting in potential security breaches and data leaks. The company's IT security team suspects that the phishing emails may be part of a coordinated cyber attack targeting the organization. CONTD Objective: Conduct email OSINT to identify the source of the phishing emails, gather intelligence about the attackers, and mitigate the ongoing threat to the company's cybersecurity. Email Case Scenario Investigation Steps:  Email Header Analysis: Begin by analyzing the email headers of the phishing emails to extract information about the sender's email infrastructure, such as IP addresses, domain names, and mail servers used to send the emails.  Domain Analysis: Investigate the domain names used in the sender's email address and any links or URLs contained within the phishing emails. Use domain intelligence tools to gather information about the domain registration, ownership, hosting providers, and historical activity associated with the domains. CONTD Ø Sender Attribution: Attempt to attribute the sender of the phishing emails by tracing back the email infrastructure to its origin. Look for patterns or indicators that may suggest the involvement of specific threat actors, such as known phishing groups or cybercriminal organizations. Ø Content Analysis: Analyze the content of the phishing emails, including language, formatting, and any embedded malicious attachments or links. Look for common phishing techniques or tactics used to deceive recipients and elicit sensitive information. Investigation Steps Cont..  URL Analysis: Examine any URLs or links included in the phishing emails to determine their legitimacy and potential threat level. Use URL scanning tools to check for malicious content, phishing domains, or known indicators of compromise (IOCs).  Social Media Investigation: Search for any mentions or references to the phishing campaign on social media platforms, dark web forums, or underground marketplaces. Monitor discussions or posts related to similar phishing attacks to gather intelligence about the tactics, motivations, or affiliations of the attackers. Investigation Steps Cont..  Collaboration with Law Enforcement: If the phishing attack is part of a larger cybercrime operation, collaborate with law enforcement agencies or cybersecurity organizations to share intelligence and coordinate response efforts. Provide them with relevant information and evidence gathered during the email OSINT investigation.  Employee Education and Awareness: Educate employees about phishing awareness and best practices for identifying and reporting suspicious emails. Conduct training sessions, distribute informational materials, and implement security awareness campaigns to empower employees to recognize and avoid phishing attacks. Why do we conduct Osint on Social Media  Information Gathering: Social media platforms contain a wealth of information about individuals, organizations, and events. By analyzing social media accounts, investigators can gather valuable insights into a target's interests, activities, relationships, and affiliations.  Threat Detection: Social media OSINT helps in identifying potential threats, such as cyberbullying, harassment, radicalization, or extremist ideologies. Monitoring social media accounts allows investigators to detect warning signs or indicators of concerning behavior. CONTD.. Ø Investigative Leads: Social media accounts often provide leads or clues that can advance an investigation. Posts, comments, photos, and interactions on social media platforms may reveal valuable information related to criminal activities, fraud, misconduct, or illicit behavior. Ø Profile Verification: Verifying the authenticity of social media profiles is essential in cases where individuals or entities may use fake identities or impersonate others online. Conducting OSINT on social media accounts helps in confirming the identity of individuals and validating their claims or affiliations. Why do we conduct Osint on Social Media  Digital Footprint Analysis: Social media OSINT contributes to building a comprehensive digital footprint of a target. Analyzing the target's social media presence helps investigators understand their online persona, behavior patterns, preferences, and communication style.  Relationship Mapping: Social media accounts facilitate the mapping of relationships and networks between individuals or groups. Investigating connections, followers, friends, and interactions on social media platforms enables investigators to identify associations, collaborations, or influences. Why do we conduct Osint on Social Media  Predictive Analysis: Social media OSINT allows for predictive analysis by monitoring trends, sentiments, and discussions on social media platforms. Understanding public sentiments or reactions to certain events or topics can help investigators anticipate potential risks or threats.  Evidence Collection: Social media content can serve as valuable evidence in legal proceedings, investigations, or intelligence analysis. Screenshots, posts, messages, and multimedia shared on social media platforms can be preserved as digital evidence to support findings or build a case. CONTD.. Ø Brand Protection: Organizations can use social media OSINT to monitor mentions of their brand, products, or services across social media platforms. Identifying brand- related discussions, feedback, or incidents allows organizations to manage their online reputation and respond to issues promptly. Why do we conduct Osint on Social Media Conducting OSINT on social media accounts is essential for gathering information, detecting threats, validating identities, analyzing digital footprints, mapping relationships, predicting trends, collecting evidence, and protecting brands. Social media platforms serve as valuable sources of intelligence that contribute to the effectiveness of investigations, risk assessments, and decision-making processes. Social Media Osint Tools There are several free tools available for conducting social media OSINT (Open Source Intelligence) investigations. Here are some popular ones: OSINT Framework: OSINT Framework is a comprehensive collection of various tools, resources, and websites categorized by different intelligence sources, including social media platforms. It provides a structured approach to conducting OSINT investigations and includes links to numerous free tools and resources. Google Advanced Search: Google's advanced search features allow you to narrow down search results based on specific criteria, such as keywords, domains, file types, and date ranges. It's useful for searching for publicly available information on social media platforms, blogs, forums, and other online sources. CONTD Social Searcher: Social Searcher is a social media search engine that enables you to search for mentions of keywords, hashtags, or usernames across multiple social media platforms, including Twitter, Facebook, Instagram, YouTube, and more. It provides real-time results and basic analytics for monitoring social media activity. Twint: Twint is an open-source Twitter intelligence tool that allows you to scrape tweets, profiles, and followers for analysis. It provides advanced search capabilities, filtering options, and the ability to export data for further investigation. Twint is particularly useful for researching Twitter users, trends, and conversations. Social Media Osint Tools Facebook Graph Search: Facebook Graph Search allows you to perform advanced searches on Facebook to find public posts, pages, groups, events, and more based on specific criteria, such as keywords, locations, interests, or relationships. It's a powerful tool for gathering information about individuals, organizations, or topics on Facebook. Instagram OSINT Tool: Instagram OSINT Tool is a web-based tool that enables you to search for Instagram users, posts, hashtags, and locations. It provides features such as profile analysis, post history, and image metadata extraction. Instagram OSINT Tool is useful for investigating individuals or events on Instagram. Social Media Osint Tools YouTube DataViewer: YouTube DataViewer is a web-based tool that allows you to extract metadata from YouTube videos, including titles, descriptions, tags, upload dates, and channel information. It's helpful for analyzing YouTube content and identifying relevant videos or channels related to a particular topic or keyword. CONTD.. Maltego Community Edition: Maltego is a powerful OSINT and data visualization tool that allows you to gather, analyze, and visualize information from various online sources. The Community Edition of Maltego is free to use and includes basic functionality for conducting OSINT investigations, such as entity searches, link analysis, and data transformation. These free tools provide a starting point for conducting social media OSINT investigations and gathering information from publicly available sources. Social Media Osint Case Scenario Let's consider a case scenario involving social media OSINT: Scenario: A Cyberbullying Incident Background: Assuming a case is reported to you a military man to investigate a cyberbullying Case. The Victim has been receiving hateful messages and derogatory comments on his/her social media accounts, causing significant distress and affecting his/her mental well-being. Despite blocking the accounts responsible for the harassment, the bullying persists, and the victim fears for her safety. Objective: Conduct social media OSINT to identify the perpetrators of the cyberbullying, gather evidence of the harassment, and take appropriate actions to address the situation. Investigation Steps Initial Assessment: Start by gathering information about Victim's social media accounts, including the platforms she uses (e.g., Instagram, Twitter, Facebook) and any relevant details about the cyberbullying incidents (e.g., specific accounts involved, nature of the harassment). Identification of Perpetrators: Use social media OSINT tools and techniques to search for accounts or profiles associated with the harassing messages. This may involve searching for keywords, usernames, or hashtags related to the bullying incidents across different social media platforms. Analysis of Digital Footprints: Analyze the digital footprints of the identified accounts to gather information about their owners. This includes examining profile information, posts, comments, likes, followers, and any public interactions that may provide insights into their identities, motivations, or affiliations. CONTD Cross-Referencing Information: Cross-reference the information obtained from social media accounts with other sources, such as public records, online databases, or school records, to corroborate identities or gather additional context about the perpetrators. Collection of Evidence: Collect screenshots or other forms of evidence documenting the cyberbullying incidents, including the harassing messages, comments, or posts directed at Victim. Ensure that the evidence is properly timestamped and preserved for future reference or legal proceedings. Investigation Steps cont.. Reporting to Authorities: Report the cyberbullying incidents to the appropriate authorities, such as law enforcement agencies, or social media platforms' support teams. Provide them with detailed information and evidence gathered during the social media OSINT investigation to facilitate their response and intervention. Who Uses Osint? Military Law enforcement Agents Security Professionals Malicious Hackers Businesses CONTD... Journalists Investigators Home users Importance of OSINT to Law enforcement Agents Open Source Intelligence (OSINT) is invaluable to law enforcement agents Investigative Leads: OSINT provides law enforcement agents with leads and valuable information to initiate and advance investigations. By gathering intelligence from publicly available sources such as social media, news articles, and online databases, agents can identify suspects, uncover criminal activities, and establish connections between individuals and criminal networks. Digital Footprint Analysis: OSINT helps law enforcement agents analyze the digital footprints of suspects and persons of interest. By examining social media profiles, online forums, and other digital platforms, agents can gather information about a suspect's behavior, interests, associations, and activities, aiding in profiling and investigative strategy development. CONTD... Evidence Collection: OSINT contributes to evidence collection in criminal investigations. Law enforcement agents can use information gathered from open sources, such as photos, videos, messages, and online transactions, to support their cases and obtain search warrants or arrest warrants. OSINT-derived evidence can be crucial in securing convictions and prosecuting criminals. Suspect Identification: OSINT enables law enforcement agents to identify suspects involved in criminal activities, even if they operate under pseudonyms or false identities. By cross- referencing information from various sources, agents can uncover the true identities of suspects, track their movements, and locate their whereabouts, facilitating apprehension and prosecution. Importance of OSINT to Law Enforcement Agents Threat Detection and Prevention: OSINT helps law enforcement agencies detect and prevent threats to public safety and national security. By monitoring social media, online forums, and other open sources for indicators of criminal or terrorist activities, agents can identify potential threats, assess their credibility, and take proactive measures to mitigate risks and protect the community. Community Policing and Engagement: OSINT supports community policing efforts by enabling law enforcement agencies to engage with the public, gather feedback, and address community concerns. By monitoring social media platforms and online forums, agents can identify emerging issues, respond to inquiries, and build positive relationships with community members, enhancing trust and cooperation. Importance of OSINT to Law Enforcement Agents Intelligence Sharing and Collaboration: OSINT facilitates intelligence sharing and collaboration among law enforcement agencies at the local, national, and international levels. By sharing information obtained from open sources, agencies can collaborate on joint investigations, coordinate operations, and address transnational crime and terrorism threats more effectively. Real-Time Monitoring and Response: OSINT provides law enforcement agents with real-time monitoring capabilities to track unfolding events, emergencies, and incidents. By monitoring social media platforms, news feeds, and public alerts, agents can stay informed about developing situations, assess their impact on public safety, and deploy resources accordingly to ensure a timely and effective response. CONTD.. OSINT is essential to law enforcement agents for generating investigative leads, collecting evidence, identifying suspects, detecting threats, engaging with communities, sharing intelligence, and responding to emergencies. By harnessing the power of open sources, law enforcement agencies can enhance their capabilities, improve operational efficiency, and fulfill their mission of maintaining public safety and upholding the rule of law. OSINT Investigation Law enforcement Agents case Scenario Let's explore an OSINT investigation scenario for law enforcement agents: Scenario: Drug Trafficking Network Investigation Background: Law enforcement agencies have received intelligence indicating the presence of a sophisticated drug trafficking network operating in a major city. The network is believed to be involved in the trafficking of illegal drugs, money laundering, and other criminal activities. The authorities are determined to dismantle the network and apprehend those responsible. OSINT Investigation Law enforcement Agents case Scenario Objective: Conduct an OSINT investigation to gather intelligence on the drug trafficking network, identify key members and associates, uncover operational tactics, and facilitate law enforcement efforts to disrupt and dismantle the network. Steps: Social Media Analysis: Utilize social media monitoring tools to track individuals and groups associated with the drug trafficking network. CONTD... Analyze social media profiles, posts, and interactions to identify potential members, suppliers, customers, and facilitators of the network. Online Marketplace Monitoring: Monitor online marketplaces, dark web forums, and encrypted messaging platforms commonly used for drug trafficking and illicit transactions. Identify listings, advertisements, and discussions related to the sale and distribution of illegal drugs within the network. OSINT Investigation Law enforcement Agents case Scenario Financial Transaction Analysis: Analyze financial transaction data, including bank records, wire transfers, and cryptocurrency transactions associated with individuals suspected of involvement in the drug trafficking network. Look for patterns of money laundering, cash flows, and financial connections between members and associates of the network. Geospatial Analysis: Utilize geospatial data and mapping tools to identify locations, routes, and distribution networks used by the drug trafficking network. Analyze patterns of movement, transportation routes, and points of interest associated with drug trafficking activities. OSINT Investigation Law enforcement Agents case Scenario Open Source Intelligence Fusion: Consolidate and analyze information gathered from multiple open sources, including social media, online marketplaces, financial records, and geospatial data. Identify correlations, patterns, and connections between individuals, locations, and activities within the drug trafficking network. Undercover Operations and Surveillance: Coordinate undercover operations and surveillance efforts based on intelligence gathered from the OSINT investigation. Conduct targeted surveillance, stakeouts, and controlled purchases to gather additional evidence and gather intelligence on the network's operations. CONTD... Collaboration with Law Enforcement Partners: Share intelligence and findings from the OSINT investigation with other law enforcement agencies, including local police departments, federal agencies, and international partners. Collaborate on joint investigations, task forces, and operations to disrupt and dismantle the drug trafficking network across jurisdictions. Importance of OSINT to Security Professionals Open Source Intelligence (OSINT) holds significant importance for security professionals across various domains. Threat Intelligence: OSINT provides valuable insights into emerging threats, vulnerabilities, and potential risks to security. By monitoring open sources such as social media, forums, and news outlets, security professionals can stay informed about evolving threats, including cyberattacks, terrorism, and physical security breaches. CONTD Risk Assessment: OSINT enables security professionals to conduct comprehensive risk assessments by analyzing publicly available information about geopolitical developments, criminal activities, and social unrest. By gathering intelligence from open sources, security professionals can identify potential risks to assets, personnel, and operations and implement proactive measures to mitigate them. Situational Awareness: OSINT enhances situational awareness by providing real-time information about events, incidents, and emergencies that may impact security. By monitoring open sources for indicators of security threats or disruptions, security professionals can respond promptly and effectively to mitigate risks and ensure the safety of individuals and assets. Importance of OSINT to Security Professionals Security Operations Support: OSINT supports security operations by providing intelligence and insights into the activities of threat actors, including hackers, criminals, and hostile actors. By analyzing open sources, security professionals can identify attack vectors, tactics, and techniques used by adversaries and develop effective countermeasures to protect against security breaches and intrusions. Investigative Support: OSINT aids security professionals in conducting investigations into security incidents, breaches, and suspicious activities. By gathering intelligence from open sources such as social media, online forums, and public records, investigators can uncover leads, gather evidence, and identify perpetrators involved in security-related incidents. Importance of OSINT to Security Professionals Crisis Management: OSINT plays a crucial role in crisis management by providing real- time information and situational updates during emergencies and critical incidents. By monitoring open sources for relevant information, security professionals can assess the impact of crises, coordinate response efforts, and communicate effectively with stakeholders to mitigate risks and minimize disruptions. Competitive Intelligence: OSINT assists security professionals in gathering competitive intelligence and insights into rival organizations, competitors, and industry trends. By analyzing open sources such as corporate websites, press releases, and industry reports, security professionals can identify potential threats, vulnerabilities, and opportunities for their organization. CONTD... Policy and Strategy Development: OSINT informs the development of security policies, strategies, and best practices by providing intelligence and insights into emerging threats and security trends. By analyzing open sources, security professionals can identify gaps in existing security measures, prioritize security investments, and develop proactive strategies to address evolving security challenges. Why Cyber Criminals Also use OSINT? Hackers use Open Source Intelligence (OSINT) for various purposes, leveraging publicly available information to facilitate their malicious activities. Target Identification: OSINT enables cyber criminals to identify potential targets for their attacks. By gathering information from publicly available sources such as social media profiles, company websites, and public records, cyber criminals can identify individuals, organizations, or systems with valuable assets or exploitable vulnerabilities. Attack Surface Enumeration: OSINT helps cyber criminals enumerate and map out the attack surface of their targets. By analyzing information about network infrastructure, software versions, and system configurations from open sources, cyber criminals can identify entry points and potential attack vectors to exploit. Why Cyber Criminals Also use OSINT? Vulnerability Discovery: Cyber criminals use OSINT to discover vulnerabilities and weaknesses in target systems and networks. By monitoring security blogs, forums, and vulnerability databases, cyber criminals can identify software vulnerabilities, misconfigurations, and other security issues that can be exploited to gain unauthorized access. Social Engineering: OSINT supports social engineering attacks by providing cyber criminals with insights into their targets' behavior, interests, and relationships. By analyzing social media profiles, online forums, and public interactions, cyber criminals can tailor their social engineering tactics to manipulate and deceive their victims effectively. CONTD Phishing and Spear Phishing: Cyber criminals use OSINT to gather information about potential phishing targets and craft convincing phishing emails or messages. By gathering information about individuals' roles, interests, and relationships from open sources, cyber criminals can personalize their phishing attempts to increase their chances of success. Credential Harvesting: OSINT enables cyber criminals to gather usernames, email addresses, and other personal information leaked in data breaches or publicly available online. This information can be used in credential stuffing attacks, where cyber criminals attempt to gain unauthorized access to accounts by using previously compromised credentials. Why Cyber Criminals Also use OSINT? Exploit Development: Cyber criminals use OSINT to gather information about exploit techniques, malware analysis, and software vulnerabilities. By monitoring security forums, exploit databases, and underground markets, cyber criminals can identify exploit opportunities and acquire or develop exploit tools to target vulnerable systems. Reconnaissance and Footprinting: OSINT supports cyber criminals in conducting reconnaissance and footprinting activities to gather intelligence about target networks and infrastructure. By analyzing publicly available information such as domain registrations, IP addresses, and network configurations, cyber criminals can map out their targets' digital footprint and plan their attack strategies accordingly. Why Cyber Criminals Also use OSINT? Cyber criminals use OSINT as a critical component of their attack lifecycle, leveraging publicly available information to identify targets, gather intelligence, exploit vulnerabilities, and maximize the impact of their malicious activities. By harnessing the power of open sources, cyber criminals can enhance the effectiveness and success rate of their cyber attacks. Malicious OSINT Let's explore a case scenario where cybercriminals use OSINT to carry out their malicious activities: Scenario: Business Email Compromise (BEC) Attack Background: A cybercriminal group specializes in conducting Business Email Compromise (BEC) attacks, targeting small to medium-sized businesses (SMBs) in various industries. The group aims to fraudulently obtain funds or sensitive information by compromising email accounts and impersonating company executives or vendors. Objective: Carry out a BEC attack against an SMB by gathering information about the company's employees, business processes, and financial transactions using OSINT. Attacks Steps OSINT Research on Target Company: The cybercriminal group conducts extensive OSINT research on the target company, including its website, social media profiles, and public records. They gather information about the company's organizational structure, key employees, business partners, vendors, and financial activities. Employee Profiling and Reconnaissance: The cybercriminals use OSINT to gather information about key employees, including executives, finance personnel, and IT administrators. They analyze social media profiles, professional networking sites, and public directories to gather personal and professional information about employees, including their roles, responsibilities, and relationships within the company. CONTD... Vendor and Partner Identification: The cybercriminals identify vendors, suppliers, and business partners associated with the target company through OSINT. They gather information about the vendors' contact details, invoicing procedures, payment terms, and communication channels to impersonate them in fraudulent emails. Email Spoofing and Phishing Preparation: Based on the OSINT research, the cybercriminals create spoofed email accounts mimicking company executives or trusted vendors. They craft convincing phishing emails using information gathered from OSINT to personalize the messages and increase the likelihood of success. Attacks Steps Execution of BEC Attack: The cybercriminals send phishing emails to employees within the target company, posing as company executives or trusted vendors. The emails contain urgent requests for wire transfers, payment updates, or sensitive information, exploiting trust and authority to persuade recipients to comply with the requests. Fraudulent Transactions and Data Theft: Upon successful compromise of email accounts, the cybercriminals initiate fraudulent wire transfers or divert payments to accounts under their control. They may also exfiltrate sensitive information, such as financial records, customer data, or intellectual property, for further exploitation or extortion purposes. Attacks Steps Covering Tracks and Evading Detection: To evade detection, the cybercriminals use anonymizing techniques, such as virtual private networks (VPNs) or Tor, to obfuscate their online activities. They may also delete traces of their phishing infrastructure and dispose of compromised email accounts to cover their tracks and avoid attribution. CONTD... Outcome: The cybercriminal group successfully executes the BEC attack against the target SMB, fraudulently obtaining funds and sensitive information. Despite efforts by the target company to detect and mitigate the attack, the cybercriminals evade detection and continue to operate using sophisticated techniques and tactics. The incident highlights the importance of OSINT in cybercriminal operations, enabling threat actors to gather intelligence, personalize attacks, and maximize the effectiveness of their malicious activities.

NACWS OSINT DAY1 (1) PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue