June 12, 2018
PATCHING HUMAN S2PDT 102 - "Phishing Defense with OSInt"
June 12, 2018
When I spoke at one of the local cybersecurity conferences in Panay last November of 2017 on "Evading Social Engineering Attack | Hacker's Frontier," specifically with phishing, most of the approaches discussed were manual. In this article, I would like to share an approach that is automated using Open Source Intelligence (OSInt), in which every member of the family and the community is 99% safe.
And what about the 1%? Well, it is the common sense that humans most often don't use when connected to the Internet that makes us vulnerable to attack 1% of the time. Adversaries just need to try their luck, and 90% of them succeed according to the Forbes survey early last year in 2017.
Remember that crackers (bad hackers) are like snipers who are very patient, aiming to shoot us as they wait for that one-time opportunity to compromise our network.
One of the longest publicly available tools I used when Virus Total and other sandboxing sites were not yet online was Netcraft. It was already there, and with it, you can verify if a website is bogus or has a bad reputation through its risk scoring system.I remember sharing this tool at a student convention in Clark, Pampanga (SSITE 2006) when I was invited by the PSITE Region III president right after the government sent me to Taipei, Taiwan for a two-month study with their ecommerce team (an APEC-ADOC Collaboration). It was the same year that I graduated with my master's degree in IT.So, it means Netcraft was already an OSInt for a long time, which most IT security professionals do not know. And if they do, they merely rely on their company tools that are worth hundreds of thousands of dollars but do not work 100% of the time.
Good for them if that works, but not for their loved ones, who do not have those tools installed on their devices, especially in Internet of Things (IoT) and Industrial Internet of Things (IIoT) situations.Netcraft has anti-phishing toolbar add-ons for Firefox, Google Chrome, and Opera. The installation guide can be found here: https://toolbar.netcraft.com/.
This second defense is an arsenal that blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a user clicks on a website link or types in an address into a web browser, the DNS server will check the site against IBM X-Force threat intelligence that includes 800+ terabytes of threat intelligence data, including 40B+ analyzed web pages and images, and 17 million spam and phishing attacks monitored daily.Isn't that awesome?!This tool is called QUAD9. To learn more about it, get some popcorn and click on this link: https://quad9.net/about/.For Apple computer and Microsoft computer users, the setup procedures can be followed here: https://quad9.net/#Setup_Quad9. Yes, you read it right: setup, not downloads and installations. It will take you less than a minute to set up, probably 10 minutes if you are not tech savvy.
There is no one-size-fits-all solution for every IT security problem. But the moment we believe that we are 100% secure with the tool we are using based on its price and popularity, then it is when that 1% I mentioned earlier kicks in when the adversary is waiting to hack you.
About the Author
Michael Rebultan, aka “Art,” has more than 15 years of experience as an IT professional with a background in PCI-DSS audit, Unix/Linux server administration and lockdown, R&D, VAPT, and currently DFIR in both IT and the ICS/SCADA environment. He holds a master's degree in IT with a major in ecommerce security, as well as a professional graduate diploma in Digital Forensics and Cyber Security in continuing education. He has served as a local speaker at FOSS Asia (Singapore), Null Singapore, PEHCON (Philippines), and a Linux Meet-Up Group (Singapore).He specializes in computer forensics, network intrusion, data breaches, global cybercrime, volatile memory, and malware analysis.