When organizations think about their online presence they primarily think of their website, social media profiles (and the number of likes a certain post or photo has), and any news articles that may be referring to them typically in a positive way. The unfortunate matter is that this is not the only information or details that is available online about these organization and not all of it is positive. Collected through passive reconnaissance techniques, it is this information that threat actors can leverage to coordinate a target a cyber-attack against your organization.
This information can be found anywhere online and makes up what is known as a digital-footprint. Some of this information can be found in plain sight such as through a Google search, while other information is embedded in the metadata of a photograph, hosted on a hidden website, or simply interpreted in a way as it was not intended. On their own each piece of information may not mean much, but when they are correlated and enriched with other findings the greater picture may become clearer. By seeing how the pieces fit together it can identify attack vectors that when exploited could be potentially dangerous.
The best way for an organization to defend against passive reconnaissance activity, is through awareness. In becoming aware of your digital footprint from a threat actor point of view, organizations can take corrective actions to remediate any risk within their control. This could be an update to an internal process, enhancement to a security control, or even the removal of data from their website, and in most cases these controls are fairly simple to implement and an effective means to increase the security posture of your organization.
InfoTransec can provide passive reconnaissance assessments of your organization to help organizations see and understand that information is really out there and what the risks and threats your organization is exposed to. This knowledge plays a significant role to empower organizations in taking proactive measures to defend against these threats.
