PATCHING HUMAN S2PDT 102 – “Phishing Defense with OSInt”

June 12, 2018 | Views: 1544


Synopsis

When I spoke at one of the local cybersecurity conferences in Panay last November of 2017 on “Evading Social Engineering Attack | Hacker’s Frontier,” specifically with phishing, most of the approaches discussed were manual. In this article, I would like to share an automated approach using Open Source Intelligence (OSInt), with which every member of the family and the community can be 99% safe.

And what about the 1%? Well, it is the common sense that humans most often don’t use when connected to the Internet that makes us vulnerable to attack 1% of the time. Adversaries just need to try their luck, and 90% of them succeed according to the Forbes survey early last year in 2017.

Remember that crackers (bad hackers) are like snipers who are very patient, aiming to shoot us as they wait for that one-time opportunity to compromise our network.

1st Defense

One of the longest-running publicly available tools, which I used before VirusTotal and other sandboxing sites were online, is Netcraft. It was already there, and with it you can verify whether a website is bogus or has a bad reputation through its risk-scoring system.

I remember sharing this tool at a student convention in Clark, Pampanga (SSITE 2006) when I was invited by the PSITE Region III president right after the government sent me to Taipei, Taiwan for a two-month study with their ecommerce team (an APEC-ADOC Collaboration). It was the same year that I graduated with my master’s degree in IT.

So Netcraft has been an OSInt source for a long time, something most IT security professionals do not know. And if they do, they merely rely on their company tools, which are worth hundreds of thousands of dollars but do not work 100% of the time.

Good for them if that works, but not for their loved ones, who do not have those tools installed on their devices, especially in Internet of Things (IoT) and Industrial Internet of Things (IIoT) situations.

Netcraft has anti-phishing toolbar add-ons for Firefox, Google Chrome, and Opera. The installation guide can be found here: https://toolbar.netcraft.com/.

2nd Defense

This second defense is an arsenal that blocks known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a user clicks a website link or types an address into a web browser, the DNS server checks the site against IBM X-Force threat intelligence, which includes 800+ terabytes of threat intelligence data, 40B+ analyzed web pages and images, and 17 million spam and phishing attacks monitored daily.

Isn’t that awesome?!

This tool is called QUAD9. To learn more about it, get some popcorn and click on this link: https://quad9.net/about/.

For Apple and Microsoft computer users, the setup procedures can be found here: https://quad9.net/#Setup_Quad9. Yes, you read that right: setup, not download and installation. It will take you less than a minute to set up, or perhaps 10 minutes if you are not tech savvy.
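To make the resolver-side check concrete, here is an added example (not the author's or Quad9's code) that simulates what a filtering resolver does with a query: it parses a DNS A query off the wire, checks the name and its parent domains against a threat-intelligence block list, and answers a listed name with NXDOMAIN, which is the response Quad9 returns for blocked domains. The block list entries and the client packet are constructed for the demonstration.

```python
import struct

# Constructed stand-in for the resolver's threat-intel feed (not real Quad9/X-Force data).
BLOCKLIST = {"phish-login.example", "malware-cdn.example"}


def is_blocked(qname, blocklist=BLOCKLIST):
    """True if qname or any parent domain (short of the bare TLD) is on the block list."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


def build_query(txid, qname):
    """Build a standard recursive A-record query for qname (RD=1), as a client would send."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # id, flags, qd, an, ns, ar
    return header + name + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN


def parse_query(packet):
    """Return (txid, qname) from a DNS packet whose question uses no name compression."""
    txid = struct.unpack("!H", packet[:2])[0]
    pos, labels = 12, []
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, ".".join(labels)


def filtering_response(packet, blocklist=BLOCKLIST):
    """Act like a filtering resolver: NXDOMAIN for listed names, None meaning 'forward upstream'."""
    txid, qname = parse_query(packet)
    if not is_blocked(qname, blocklist):
        return None
    # Flags 0x8183: QR=1 (response), RD=1, RA=1, RCODE=3 (NXDOMAIN); echo the question section.
    return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + packet[12:]


def rcode(packet):
    """Low four bits of the flags word carry the response code."""
    return struct.unpack("!H", packet[2:4])[0] & 0xF


if __name__ == "__main__":
    for host in ("login.phish-login.example", "example.org"):
        reply = filtering_response(build_query(0x1234, host))
        print(host, "-> blocked (NXDOMAIN)" if reply is not None and rcode(reply) == 3 else "-> forwarded")
```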

Conclusion

There is no one-size-fits-all solution for every IT security problem. But the moment we believe that we are 100% secure with the tool we are using, based on its price and popularity, that is when the 1% I mentioned earlier kicks in, while the adversary is waiting to hack you.

About the Author

Michael Rebultan, aka “Art,” has more than 15 years of experience as an IT professional with a background in PCI-DSS audit, Unix/Linux server administration and lockdown, R&D, VAPT, and currently DFIR in both IT and the ICS/SCADA environment. He holds a master’s degree in IT with a major in ecommerce security, as well as a professional graduate diploma in Digital Forensics and Cyber Security in continuing education. He has served as a local speaker at FOSS Asia (Singapore), Null Singapore, PEHCON (Philippines), and a Linux Meet-Up Group (Singapore).

He specializes in computer forensics, network intrusion, data breaches, global cybercrime, volatile memory, and malware analysis.
