In this episode of the Security Swarm Podcast, host Andy is joined by Romain Basset, the Director of Technology Strategy at Hornetsecurity. They’re exploring the topic of Open-Source Intelligence (OSINT) - what it is, how threat actors use it to launch effective attacks, and the dangers it poses.  

Throughout the episode, they discuss the ease with which OSINT can gather information using AI and other tools and provide examples of how it can be used in phishing, business email compromise, and even deep fake attacks. The conversation also touches on the importance of privacy awareness and security awareness training to mitigate these threats. 

Key Takeaways: 

• OSINT refers to publicly available information that threat actors can easily gather to launch targeted attacks. This includes social media profiles, online forums, data breach databases, and more.   
• Threat actors are using OSINT to not only target individuals, but also find vulnerabilities in organizations' web-facing software and infrastructure.   
• Combating OSINT-powered attacks requires a multi-pronged approach of improving privacy awareness and implementing robust security awareness training programs. 

Timestamps: 

(02:24) - Definition of OSINT 

(07:17) - How AI makes OSINT-powered attacks easier 

(15:22) - Using OSINT to target organizations 

(25:35) - Mitigating OSINT-powered attacks 

Episode Resources:

Train your users with a personalised Security Awareness Service

Business Email Compromise: The $43 Billion Scam