How OSINT Analysts Repurpose Hacker Tactics to Protect Executives

In the digital age, a company’s most visible assets tend to be the most vulnerable as well. Such assets include senior leadership. Threat actors see them as more than just business leaders. They are primary targets for blackmail, extortion, revenge, and so on. But comprehensive open-source intelligence (OSINT) investigations can flip the script on would-be attackers.

Those who would target senior executives have their preferred methods. From whaling attacks to doxing to outright corporate espionage, each attacker has a serious intent and a preferred means of accomplishing it. Security teams with an OSINT mindset can use OSINT threat actor profiling and other strategies to identify these individuals and stop them in their tracks.

To Stop Doxing, Think Like a Doxer

All sorts of hackers, including doxers, utilize a strategy known as ‘footprinting’. They scour the internet for all sorts of information on their targets: home addresses, personal cell phone numbers, travel patterns, and even family member social media accounts.

From the security analyst’s standpoint, it is pretty simple: to stop doxing, you need to think like a doxer. Effective analysts use the same footprinting strategy to practice defensive doxing. In other words, an analyst will map out an executive’s digital footprint during an OSINT investigation. Doing so helps identify leaks before a threat actor can find and exploit them.

OSINT provider DarkOwl explains that an investigator will often employ:

  • Property Record Mining – An exercise in discovering if an executive’s home address is easily found in publicly available databases (like tax records and real estate transactions).
  • Social Graphing – The process of identifying how much information family members are inherently sharing on social media. Think of photos, geo-tagged posts, and so forth.
  • Infrastructure Analysis – The process of combing through historical data breaches to see if an executive’s personal email addresses or outdated usernames have been leaked.

Looking for the same information a doxer would hunt for can help close the vulnerability loop. As a bonus, the same data can be leveraged for OSINT threat actor profiling.

Profiling Tracks the Hunters

Finding hidden data that could help hackers target executives represents just one side of the protection coin. The other side is knowing who is hunting for that data. OSINT threat actor profiling identifies the hunters. And once they are identified, they can be tracked. The result is that protecting an executive becomes proactive rather than reactive. Instead of waiting for an attack to occur, analysts and investigators go looking for the hunters still doing their recon work.

Building comprehensive OSINT threat actor profiles gives investigators a leg up on the Tactics, Techniques, and Procedures (TTPs) threat actors tend to favor. If a particular individual or group is known for targeting executives in a specific sector, for example, the security team can preemptively implement effective prevention strategies.

In essence, knowing both the ‘who’ and ‘how’ of a potential attack gives security analysts the advantage. Now they are the ones who can catch attackers off guard rather than the other way around.

Using Their Own Data Against Them

As sophisticated as modern hackers have become, they cannot escape human nature. They tend to reuse the same tactics time and again. Security analysts can use that data against them. That is the whole point of OSINT investigations and OSINT threat actor profiling.

The line between hacker reconnaissance and analyst investigation is not technique. It is intent. When analysts know the intent behind a potential attack, they are better equipped to stop it. OSINT is an open door to information capable of tying techniques, capabilities, and intent together.
