Open-source intelligence (OSINT) is one of the most valuable tools available to cybersecurity experts. In most cases, experts use these tools to carry out ethical hacking and penetration testing. In some cases, they also use OSINT tools to identify external threats, helping them to remain prepared.
However, like all other tools that are available to cybersecurity experts, OSINT tools are also accessible to cybercriminals. In this section, we will focus on how OSINT is used by cybercriminals to launch cyberattacks aimed at veterinary practices.
What is Open Source Intelligence (OSINT)?
Open-source intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an organization or an individual. According to U.S. public law, open-source intelligence is produced from publicly available information, the collected information is analyzed and disseminated in a timely manner to an appropriate audience, and it addresses a specific intelligence requirement.
It is important to note that open source information is not limited to only what you can find using the major search engines. In fact, despite being a major part of open source information in OSINT, web pages and other resources that can be accessed through search engines such as Google only constitute a small percentage of the internet.
According to former Google CEO Eric Schmidt, major search engines cannot find more than 99 percent of data on the internet. This is because the surface web-only accounts for less than a percentage point and it is the only portion that is available to search engines. Instead, a large portion of the internet, including a mass of websites, databases, files, videos, and profiles, is in what is known as the deep web. This includes information on websites that require a login or are behind a paywall. Fortunately, even data on the deep web can be considered open source because it is readily available to the public.
Other information that can also be considered open source include:
- Published media such as news and video content.
- Information that is obtained from the government through public requests, such as census data.
- Any information that can be seen or heard by any casual observer.
- Any information on a public meeting.
- Any information gathered when attending or visiting a place that is open to the public.
How Cybercriminals use OSINT against Veterinary Practices
Cybercriminals are always on the lookout for their next victim. One of the tools they use is open source intelligence that helps them conduct reconnaissance on publicly available information about your veterinary practice with the aim of launching an attack.
They comb through websites, IP addresses, social media accounts, digital files such as videos and photos, and geospatial information to get to know more about your practice. The research on OSINT against veterinary practices is also done to identify weaknesses in your network.
Cybercriminals can also use OSINT tools to access information about veterinary practices such as webcams, open ports, printers, networks, and networks. In a world where almost everything is connected to the internet, OSINT tools can also be used by cybercriminals to access pretty much everything that is connected to the internet.
When used by more experienced cybercriminals, OSINT can also identify potential weaknesses in a network, such as:
- Accidental leaks of sensitive information.
- Unpatched software running in your veterinary practice.
- Exposed assets such as proprietary code and login information that are mostly available on pastebins.
One of the reasons veterinary practices have become a major target for cybercriminals is not because they were specifically targeted, but rather because vulnerabilities in their networks or their website architecture were found by cybercriminals using simple OSINT techniques.
It is also important to note that OSINT use by cybercriminals can go further than targeting your veterinary practice. In some instances, personal information can be accessed using OSINT techniques and be used to tailor sophisticated social engineering campaigns using phishing (email), vishing (phone or voice mail), and text messages. When used properly against individuals or organizations, these social engineering techniques have been found to be among the most effective methods of launching attacks.
Despite being one of the most important tools for cybersecurity experts, OSINT tools have also become the go-to solution for cybercriminals wanting to launch attacks. These tools allow them to conduct metadata searches, people and identity investigations, phone number research, email search and verification, and social media site searches to learn more about your target.
By using these tools, cybercriminals are able to have an edge when they finally launch an attack, which has made it hard for veterinary practices to respond appropriately to such attacks.