Traffic analytical tools can cause unintentional sensitive information disclosure.
Most of precisely targeted attacks on IT infrastructures are originated from outside of security perimeters of the victimized organizations. However, the security openings allowing cyber attackers to breach security mechanisms overwhelmingly originated either with unintentional help of insiders or disclosure of sensitive information.
Information disclosure might be a bigger threat then a not patched system. Organizations say that the biggest risk to their security is the disclosure of the internal information on social media. It is hard to employ technologies to detect such events and it may take a serious security specialist with anti-scouting skills to detect such disclosures.
Hackers use different techniques for cyber scouting and reconnaissance. IT organizations should be aware of some of them.
Example can be Google Analytics. Google Analytics java script picks up information from web pages and send it to Google. Then your analytical data is available to public.
Here is an example how Google unintentionally discloses its own emails through its own tools.
This image below shows how analytical tools pick up and disclose an email address.
Similarly analytical tools can disclose hashes, hidden information, email addresses, subjects of emails and other.
Digital Edge would like to thank Fred Legrand, who was a contributor on this subject, as an advanced marketing data analyst who uses unique techniques to provide his clients with information about online behavior.
Digital Edge designed comprehensive cyber reconnaissance and anti-scouting methodology. We help clients to make sure that there are no vulnerabilities exist through information disclosure.
Digital Edge provides the following security services:
- Security Operation Center
- Vulnerability Scanning
- Security Assessment
- Building and supporting security systems based on ISO 27001, SOC 2 or NIST core standards.