Connect with us

Hi, what are you looking for?



News or Ruse? How Cyber Situational Awareness Can Help You to Distinguish

Whether you follow politics, healthcare, or sports, there’s a lot happening in the world right now and a lot to keep up with. Attackers are taking advantage of this flurry of activity and your quest for information to launch a new round of scams.

Whether you follow politics, healthcare, or sports, there’s a lot happening in the world right now and a lot to keep up with. Attackers are taking advantage of this flurry of activity and your quest for information to launch a new round of scams.

The Brexit is just the latest example in which we’ve seen a surge in malicious emails within hours of the referendum result. Promising to protect individuals from financial market upheaval, the ploy lures users to open an email and an infected attachment, or click on a link that goes to a malicious website. Subject lines like “Brexit causes historic market drop” are designed to create the sense of urgency so that targets click before they think.

Cybercriminals act fast to capitalize on the confusion and time-sensitivity that surrounds breaking news. They quickly register domain names that sound official and create fake sites. Techniques like typosquatting or URL squatting to spoof the names of legitimate sites, and SEO poisoning to inflate search engine ratings, make it extremely difficult for a typical user to identify when they are being duped.

Attackers then devise their scheme for engaging targets. They may use malware delivered through an email to damage files, collect personal information or to hijack systems that will serve as a launching pad for other mechanized attacks. Or, they may use phishing scams to lure targets to their bogus sites, posing as a legitimate sender and pointing users to a website where they input personal financial data.

Situational Awareness

While many of these techniques are not new, what is new is the speed and specificity with which these campaigns are launched and the combination of methods used. Most front-line defenses can’t protect against these types of attacks. So what can you do to help reduce the odds of a click that exposes your organization to risk?

Education is an important first step. Despite the fact that most of us are familiar with phishing, it remains problematic. Verizon’s 2016 Data Breach Investigations Report found that in phishing tests, the number of people who opened phishing emails rose from 23 percent to 30 percent, an increase researchers attribute to more skillful attackers. Reminding users not to open attachments or click on links they don’t recognize or haven’t requested and quickly deleting these types of emails can prevent many attacks from being successful.

But humans make errors.

What’s needed is greater threat intelligence, specifically cyber situational awareness – the ability to look at your environment through the eyes of an attacker to detect the threats and vulnerabilities relevant to your organization. If security professionals can see that same picture of their own organizations they can use it to better secure their business, mitigating risk associated with the attack surface, which includes people.

Advertisement. Scroll to continue reading.

To gain an attacker’s eye view you need to think like an attacker. You need to approach your organization from the outside using the same techniques as attackers – social engineering, long-term reconnaissance and data mining over time to discover information relevant to the organization from a business, personal and asset perspective. With a picture of what your organization looks like digitally to the outside world, you can conduct threat mitigation which often starts with basic patching and reconfiguration. The Verizon 2016 DBIR revealed that the vast majority of exploited vulnerabilities compromised were more than a year old and that the top 10 vulnerabilities accounted for 85 percent of successful exploit traffic.

While patching is critically important, cyber situational awareness can offer even greater insights. It can help security professionals identify typosquatted domains used for phishing, business email compromise, fraud and other nefarious activity. And by monitoring the dark web – Tor, the Invisible Internet Project (I2P), paste and criminal sites – it can help organizations find personally identifiable information or intellectual property that has been leaked as well as discover where this data is leaking from and who is seeking to exploit it. These revelations can provide organizations that have fallen prey to these scams with greater context and insights to better understand a threat actor’s tactics, techniques and procedures (TTPs). They can prioritize threat protection and policies based on the threat environment and their strengths and weaknesses and make better decisions about future investments in defensive measures.

There’s a lot you can do to distinguish between news and ruse and better protect your organization from opportunistic attackers. With a clear picture of your online exposure, you gain a greater understanding of how to mitigate risk to your organization.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights