The processes and tools behind a true APT campaign: Reconnaissance

Reconnaissance marks the first step in the APT campaign, where attackers identify their targets and how to attack them

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

This article is part of a series about APT campaigns. The other topics covered in this series are weaponization and delivery, exploitation and installation, command and control, and exfiltration.

In part one of a series on understanding the processes and tools behind an APT-based incident, CSO examines the reconnaissance aspect of an attacker's campaign. This is the first step of many, and often helps the attacker identify who to attack and how.

Personal Information: People are your weakest link

All too often, the information that harms an organization or person the most is something that wasn't viewed as important enough to protect to begin with. This can be anything from telephone or email directory listings, metadata within a document passed around online, to an executive's full name and corporate biography.

Some information can be discovered through public records and Web searches, but sometimes that isn't the case. The information about a person or organization that is found publically is called Open Source Intelligence (OSINT), because it is freely and publically available to anyone who knows how to find it. The problem is that for most people, the amount of OSINT available from a single source is usually rather scarce.

[New malware variant suggests cybercriminals targeting SAP users]

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.