Cyber Intelligence - The Power of Knowledge — Security Tips

Osman Kandemir
6 min read · Jul 4, 2023

Hi there, I am going to write about cyber intelligence today. I will try to provide useful information. Happy reading.

Why is Cyber Intelligence Important?

We live in a digital world, and everyone now leaves many footprints on the World Wide Web. Unfortunately, we cannot avoid leaving footprints; we can only reduce them, because the Internet never forgets them.

In this blog post I am going to talk about how to do OSINT, SOCMINT, GEOINT, CYBINT/DNINT, HUMINT and IMINT.

I will walk through a few scenarios where cyber intelligence helps, one per section.

Cyber Criminals

As an example, suppose an authorized cyber security engineer wants to catch a cybercriminal. The engineer will need information about that person. This type of cyber intelligence work is called CYBINT/DNINT (Cyber Intelligence/Digital Network Intelligence).

The following steps can be performed to detect or identify a cybercriminal.

  • Perform personality analysis from writing style. For example, a person’s language and word choice in their writing may reflect how analytical, creative, or emotional they are.

As another example, you might recognize a script kiddie from an aggressive writing style. Usernames and comments from illegal forums are a typical data sample for this kind of analysis.

  • Perform correlation analysis with other related information, review the results, and estimate the probability that the correlation is correct.

Sample correlation:

If someone tweets “My cat fell from the third floor today”, they are actually revealing that they live on the third floor of an apartment building. This kind of work is called SOCMINT and GEOINT.

  • If a cybercriminal’s malicious application is found on any system, you can analyze the suspicious application statically and dynamically (malware analysis) to learn about the attacker’s tooling and way of thinking.
  • You can perform reverse social engineering after contacting the cybercriminal or a related person, in order to collect information about them. Script kiddies, crackers and phreakers generally try to sell something, so you can pose as a customer. This kind of work is called HUMINT.
  • If images of or from a cybercriminal exist anywhere, a cyber security engineer or information security staff member can perform image forensics (including embedded metadata such as EXIF) or image steganography analysis to extract more information. This kind of work is called IMINT.
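The writing-style and correlation steps above can be made concrete with a small stylometry script. The following is an added example written for this post, not the author’s own tooling: it builds character 3-gram profiles for a few forum handles, ranks every pair of handles by cosine similarity, and extracts a couple of coarse behavioural cues (exclamation and slang density) of the kind the “aggressive writing style” remark refers to. All handles and posts are constructed sample data, not real forum content.

```python
import re
from collections import Counter
from itertools import combinations
from math import sqrt

# Constructed sample data: three forum handles with a few short posts each.
# Not real posts. "darkfox99" and "fox_seller" are written in the same style.
SAMPLE_POSTS = {
    "darkfox99": [
        "lol u guys r so dumb, my tool pwns any site in seconds!!!",
        "anyone who says otherwise is a noob, ur all clueless lol",
    ],
    "fox_seller": [
        "lol selling my tool, pwns any cms in seconds!!! dm me noobs",
        "u guys r clueless, ur all noobs lol",
    ],
    "quietadmin": [
        "The vulnerability is a classic case of missing input validation.",
        "I would recommend reviewing the authentication flow carefully.",
    ],
}


def normalize(text: str) -> str:
    """Lower-case and collapse whitespace so profiles ignore casing and layout."""
    return re.sub(r"\s+", " ", text.lower()).strip()


def ngram_profile(posts, n: int = 3) -> Counter:
    """Character n-gram frequency profile over all of one handle's posts."""
    profile = Counter()
    for post in posts:
        text = normalize(post)
        profile.update(text[i:i + n] for i in range(len(text) - n + 1))
    return profile


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse frequency vectors (0.0 .. 1.0)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = sqrt(sum(v * v for v in a.values())) * sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def style_features(posts) -> dict:
    """Coarse behavioural cues per 100 characters: emphasis markers and slang."""
    text = " ".join(normalize(p) for p in posts)
    chars = max(len(text), 1)
    words = text.split()
    return {
        "exclaim_per_100": 100 * text.count("!") / chars,
        "slang_per_100": 100 * len(re.findall(r"\b(lol|u|ur|r|noobs?)\b", text)) / chars,
        "avg_word_len": sum(len(w) for w in words) / max(len(words), 1),
    }


def rank_handle_pairs(samples, n: int = 3):
    """Rank every pair of handles by stylometric similarity, highest first."""
    profiles = {h: ngram_profile(p, n) for h, p in samples.items()}
    scored = [(cosine(profiles[a], profiles[b]), a, b)
              for a, b in combinations(sorted(profiles), 2)]
    return sorted(scored, reverse=True)


def most_similar_pair(samples, n: int = 3):
    """The pair of handles most likely to share an author, with its score."""
    sim, a, b = rank_handle_pairs(samples, n)[0]
    return frozenset((a, b)), sim


if __name__ == "__main__":
    for sim, a, b in rank_handle_pairs(SAMPLE_POSTS):
        print(f"{a:>12} ~ {b:<12} similarity={sim:.3f}")
    for handle, posts in SAMPLE_POSTS.items():
        print(handle, style_features(posts))
```

Two caveats a practitioner should keep in mind: a handful of short posts is weak evidence, so a high score is a lead to corroborate with other data (timestamps, shared contacts, reused infrastructure), not proof of identity; and the “probability of correctness” mentioned above should be judged against the scores the same method produces for handles known to be unrelated, not against an absolute threshold.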

Attention: collecting information about a person or company without legal authorization may itself be a crime. Check the applicable law before you start.

Emergencies

Unfortunately, there was an earthquake in Turkey. We were sad. While we were thinking about what we could do, we decided to work on OSINT for the earthquake. To gather accurate information, we decided to use the Twitter location search filter to find people under the rubble, and we posted this information on Discord channels. This type of information work is called SOCMINT and GEOINT.

In addition, while the earthquake was happening, cyber security companies and security experts were working to combat cybercriminal activity (phishing, threat intelligence reports, etc.).

As a result, cyber intelligence is very important in emergency situations.

Fake News

Fake news is the easiest way to manipulate a real incident. The following steps can be performed to detect fake news.

  • Estimate the source’s (news site, forum, user) accuracy as a probability, based on how often the information it shared before turned out to be correct.
  • Estimate the probability that the published news is true or false from the data it contains, and perform OSINT work on that data.
  • Investigate the chats, forums and communities related to the news and estimate their accuracy (strategic intelligence).
  • Follow and evaluate other cyber security analysts’ comments about the incident.
  • If fake news is shared by social media accounts, correlate the social media username with the information shared.

As a result, a correlation can be made to decide whether news is fake or genuine.
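The first two steps above (a per-source accuracy probability, combined into a probability that the claim is true) can be carried through numerically. The following is an added example, not the author’s method: it keeps a track record per source, smooths it so an unknown source counts as no evidence, combines independent sources in log-odds space (naive Bayes), and, because a reshare is not independent corroboration, collapses sources that merely repeat another source’s reporting before combining. The outlets, track records and origin map are constructed for the example.

```python
from math import exp, log

# Constructed track records: (claims later verified correct, claims checked).
# Not real outlets; the numbers are invented for the example.
SOURCE_TRACK_RECORD = {
    "wire_agency": (95, 100),
    "regional_paper": (80, 100),
    "anon_forum_user": (55, 100),
    "reshare_bot": (60, 100),
}

# Which sources merely reshare another source's reporting (assumed for the
# example). A reshare must not be counted as a second, independent voice.
ORIGIN_OF = {"reshare_bot": "wire_agency"}


def reliability(source: str, track_record=SOURCE_TRACK_RECORD) -> float:
    """Laplace-smoothed accuracy: (correct + 1) / (total + 2).

    Smoothing keeps a never-checked source at 0.5 (no evidence either way)
    and stops a perfect record from producing an infinite likelihood ratio.
    """
    correct, total = track_record.get(source, (0, 0))
    return (correct + 1) / (total + 2)


def dedupe_by_origin(assertions, origin_of=ORIGIN_OF, track_record=SOURCE_TRACK_RECORD):
    """Collapse resharers onto their origin, keeping the most reliable voice per (origin, stance)."""
    best = {}
    for source, stance in assertions:
        key = (origin_of.get(source, source), stance)
        if key not in best or reliability(source, track_record) > reliability(best[key], track_record):
            best[key] = source
    return [(source, stance) for (_origin, stance), source in best.items()]


def claim_probability(assertions, prior: float = 0.5, track_record=SOURCE_TRACK_RECORD) -> float:
    """Naive-Bayes combination of independent sources in log-odds space.

    assertions: list of (source, stance); stance True means the source asserts
    the claim, False means it denies it. A source with accuracy p contributes
    log(p / (1 - p)) toward its stance, assuming it errs symmetrically.
    """
    logit = log(prior / (1 - prior))
    for source, stance in assertions:
        p = reliability(source, track_record)
        llr = log(p / (1 - p))
        logit += llr if stance else -llr
    return 1 / (1 + exp(-logit))


def assess(assertions, origin_of=ORIGIN_OF):
    """Return (naive probability, probability after removing reshares, sources counted)."""
    independent = dedupe_by_origin(assertions, origin_of)
    return claim_probability(assertions), claim_probability(independent), independent


if __name__ == "__main__":
    story = [("wire_agency", True), ("reshare_bot", True),
             ("regional_paper", True), ("anon_forum_user", False)]
    naive, deduped, counted = assess(story)
    print(f"naive: {naive:.3f}  without reshares: {deduped:.3f}  counted: {counted}")
```

The symmetric-error assumption is the weak point: a source can be reliable on one topic and careless on another, so in practice the track record should be kept per topic or per claim type, and the origin map has to be maintained by hand, since detecting that two articles share an origin is itself OSINT work.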

Scammers

Social Media Scams

  • This is a way for a cybercriminal to scam people by pretending to sell a product on social media.

Phone Scams, Business Offer Scams

  • The scammer asks for money to release a product or because of a supposed incident, or asks for private personal information under the pretext of a job offer. See also source 4.

Rental Scams

Cybercriminals can create fake rental websites and applications.

Tips with the help of OSINT:

  • Do not trust a seller who exists only on social media and has no verifiable website.
  • The name of the company making the deceptive sale can be investigated with search engines as an OSINT exercise.
  • The caller’s phone number can be searched in search engines (a reverse lookup).
  • You can use web services in your country, such as https://www.eticaret.gov.tr/sirketsorgula in Turkey, to check whether a company is real or fake.

Security Tips

Tips for Personnel: Technical and Behavioral Tips

Before these tips, the more important question is “Why are you interested in privacy?” What you are protecting, and from whom, decides which of the tips below matter.

  • Share less on social media: each post leaks small facts that can be correlated with others.
  • Unix-based or Linux operating systems can be used.
  • Search engines that do not cache or store your queries can be used (e.g., startpage.com).
  • The Tor network can be used, with or without a VPN; note that a VPN in front of Tor only moves trust to the VPN provider, and neither tool protects information you choose to post.

Tips for Corporate: Technical and Behavioral Tips

  • Employees should also be trained about cyber threat intelligence.

Sample applications: Cisco Umbrella, DeCYFIR, IBM X-Force Exchange, MSTICPy, Threatpost, MISP

  • DLP (Data Loss Prevention) solutions should be implemented to prevent or detect information loss.

Sample applications: Digital Guardian DLP, Forcepoint DLP, Symantec DLP

Schema 1: DLP description (diagram from the original post, not reproduced here)

The benefits of data loss prevention are explained in Schema 1.
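At its core a DLP engine is content inspection plus a policy decision, and the part that separates a usable product from an alert flood is false-positive control. The following is an added example, not code from any of the products listed above: it scans outgoing text for payment card numbers (validated with the Luhn checksum so order and tracking numbers do not trigger), for the documented shape of an AWS access key ID, and for e-mail addresses, masks what it finds so the alert does not re-leak the data, and applies an assumed block/alert/allow policy. The messages are constructed; 4111 1111 1111 1111 is a well-known test card number.

```python
import re

# Patterns for a few high-value data classes. The PAN pattern is deliberately
# loose (13-19 digits, optional space or dash separators) and relies on the
# Luhn check below to discard most false positives such as order numbers.
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
AWS_ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")  # AWS access key ID shape

BLOCKING_TYPES = {"pan", "aws_access_key_id"}  # assumed policy: always block these


def luhn_ok(digits: str) -> bool:
    """Luhn checksum as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the first and last four characters so alerts do not re-leak data."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan(text: str):
    """Return one {'type', 'masked'} finding per sensitive item in the text."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append({"type": "pan", "masked": mask(digits)})
    for m in AWS_ACCESS_KEY_RE.finditer(text):
        findings.append({"type": "aws_access_key_id", "masked": mask(m.group())})
    for m in EMAIL_RE.finditer(text):
        findings.append({"type": "email", "masked": mask(m.group())})
    return findings


def decide(findings) -> str:
    """Assumed policy: block on card numbers or cloud keys, alert on any other finding."""
    if any(f["type"] in BLOCKING_TYPES for f in findings):
        return "block"
    return "alert" if findings else "allow"


# Constructed outbound messages for the example (not real data).
SAMPLE_MESSAGES = [
    "Invoice attached, card 4111 1111 1111 1111 exp 12/26",
    "Order ref 1234 5678 1234 5678 shipped this morning",
    "Please reach me at alice@example.com for the draft",
    "temporary creds: AKIAIOSFODNN7EXAMPLE, rotate after the demo",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        found = scan(msg)
        print(f"{decide(found):<5} {found}")
```

Real products add context to the decision (sender role, destination, document classification labels) and inspect attachments and archives, but the shape is the same: detectors that are cheap to run, validators that cut false positives, masking in the alert, and a policy layer kept separate from the detectors so it can be tuned without touching them.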

  • Company employees should take information security awareness training. Information security management standards such as ISO 27001, ISO 27002 and ISO 27701 can be implemented at the company.
  • Laws and regulations such as GDPR, LGPD and KVKK must also be complied with by the company.
  • Experienced cyber security analysts should also hunt for information-leak weaknesses with the help of incident management applications, OS analyzers, network analyzers, e-mail security gateways/analyzers, cyber threat intelligence services, IPS, IDS, EDR, XDR, NDR, MDR and SIEM.

Incident management applications, as examples: TheHive, GRR Rapid Response

OS analyzers, as examples: HELK, Volatility, Wazuh, RegRipper, OSSEC, osquery

Network analyzers, as examples: Wireshark, pfSense, Arkime, Snort, Suricata.

E-mail security gateways/analyzers, as examples: Trend Micro Email Security, Proofpoint, Barracuda Email Security, Symantec Email Security, Mimecast, Sophos Email Security, Cisco Email Security

Cyber threat intelligence services, as examples: Recorded Future, ThreatConnect, Anomali ThreatStream, Symantec DeepSight Intelligence, FireEye iSIGHT Intelligence, CrowdStrike Falcon X, Palo Alto Networks AutoFocus, AlienVault OTX (Open Threat Exchange), IBM X-Force Exchange.

IPS and IDS applications, as examples: Snort, Suricata, Cisco IDS, McAfee Network Security Platform, Palo Alto Networks PAN-OS, Cisco Firepower, Trend Micro TippingPoint, Fortinet FortiGate, Check Point IPS.

EDR and XDR applications, as examples: Cortex XDR, Cynet 360, FortiEDR, Xcitium.

NDR applications, as examples: Darktrace, FireEye Network Security, Vectra AI, ExtraHop Reveal(x), Cisco Stealthwatch, RSA NetWitness, Fidelis Cybersecurity.

MDR services, as examples: CrowdStrike Falcon Complete, FireEye Managed Defense, Mandiant Advantage MDR, Secureworks MDR, Rapid7 MDR, Cybereason MDR, Bitdefender MDR, Carbon Black Cloud Managed Detection.

SIEM applications, as examples: OSSIM, AlienVault USM, Splunk, LogRhythm, Wazuh, IBM QRadar.
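Whatever the product, the leak-hunting the analyst does on top of a SIEM or NDR comes down to a detection rule over aggregated telemetry. The following is an added example, not a rule from any listed product: it parses a constructed proxy log excerpt (a CSV layout invented for this example, not any vendor’s format), sums bytes uploaded per user and destination host, and raises an alert when a large volume leaves towards a host outside an assumed allowlist of sanctioned upload destinations. The threshold and allowlist are assumptions a real deployment would tune.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed proxy log excerpt in a CSV layout invented for this example
# (not the format of any real proxy or SIEM). Columns:
# timestamp,user,dest_host,method,bytes_out,bytes_in
SAMPLE_PROXY_LOG = """\
2023-07-04T09:00:01Z,alice,mail.example.com,POST,18200,900
2023-07-04T09:05:11Z,alice,paste-share.invalid,POST,48000000,300
2023-07-04T09:06:40Z,alice,paste-share.invalid,POST,52000000,300
2023-07-04T09:10:02Z,bob,cdn.example.com,GET,400,4100000
2023-07-04T09:12:33Z,carol,drive.example.com,PUT,9000000,200
2023-07-04T09:15:47Z,carol,unknown-host.invalid,POST,3000000,120
"""

FIELDS = ["timestamp", "user", "dest_host", "method", "bytes_out", "bytes_in"]
UPLOAD_METHODS = {"POST", "PUT"}
SANCTIONED_UPLOAD_HOSTS = {"mail.example.com", "drive.example.com"}  # assumed allowlist
UPLOAD_THRESHOLD_BYTES = 25 * 1024 * 1024  # assumed per-user, per-host threshold


def parse_proxy_log(text: str):
    """Parse the CSV excerpt into dict records with integer byte counts."""
    records = []
    for row in csv.DictReader(StringIO(text), fieldnames=FIELDS):
        row["bytes_out"] = int(row["bytes_out"])
        row["bytes_in"] = int(row["bytes_in"])
        records.append(row)
    return records


def aggregate_uploads(records):
    """Total bytes uploaded per (user, dest_host), counting upload methods only."""
    totals = defaultdict(int)
    for r in records:
        if r["method"] in UPLOAD_METHODS:
            totals[(r["user"], r["dest_host"])] += r["bytes_out"]
    return totals


def detect_exfiltration(records, sanctioned=SANCTIONED_UPLOAD_HOSTS,
                        threshold=UPLOAD_THRESHOLD_BYTES):
    """Alert on large upload volume to hosts outside the sanctioned set."""
    alerts = []
    for (user, host), total in aggregate_uploads(records).items():
        if host not in sanctioned and total > threshold:
            alerts.append({
                "user": user,
                "dest_host": host,
                "bytes_out": total,
                "reason": f"{total} bytes uploaded to unsanctioned host (threshold {threshold})",
            })
    return sorted(alerts, key=lambda a: a["bytes_out"], reverse=True)


if __name__ == "__main__":
    for alert in detect_exfiltration(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print(alert)
```

Two things the example leaves out that matter in production: the aggregation should run over a sliding time window rather than the whole file, since a slow leak spread over weeks stays under any per-hour threshold, and the allowlist needs an owner, because an unsanctioned host that is quietly added to it is exactly the gap an insider would use.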

  • Web service APIs should also be restricted (authentication, authorization, rate limiting and input validation), and software developers should receive API security training, because APIs are central to modern web development and are a primary attack surface.

Footnote

  • If information is leaked, a malicious person can implicate someone in a crime or interfere with their private life.
  • The main purpose of information security solutions and cyber security actions is to prevent leaks of personal or company information.

Finally, even so, we cannot avoid leaving web footprints. However, we can reduce them.

Stay Safe. Stay Curious. Stay WHITE.

Resources

1- https://www.clearswift.com/solutions/adaptive-data-loss-prevention

2- https://www.spiceworks.com/it-security/vulnerability-management/articles/best-cyber-threat-intelligence-tools/

3- https://www.kaspersky.com.tr/resource-center/threats/top-six-online-scams-how-to-avoid-becoming-a-victim

4- https://www.kaspersky.com.tr/resource-center/threats/how-to-avoid-mobile-phone-scams

5- https://www.esecurityplanet.com/products/threat-intelligence-platforms/


Osman Kandemir

#CyberSecurity #InformationSecurity #Python — Computer Engineer