Threat Reconnaissance Reports

Reconnaissance allows organisations to better understand the threats they face, take constructive action to mitigate those threats, and satisfy compliance obligations.

CSA provide two types of reconnaissance report that both identify an organisation's digital footprint and the type of data that a cyber-criminal would gather during the reconnaissance phase of a cyber-attack. The reports provide insightful information and actionable advice that can help mitigate cyber, reputational and commercial risk.


A monthly report service focused on specific assets that the customer wants to monitor. Assets can include a company and its subsidiary brands, the names and email addresses (work and personal) of key employees / board members or VIPs (e.g. key hires), social media handles, web addresses, IP addresses, and DLP (Data Loss Prevention) indicators, e.g. internal names for sensitive projects.


A manual one-off threat intelligence research report carried out by CSA analysts to identify multiple potential attack vectors. It highlights to the customer information that is easily available to a hacker and would make the job of breaching the organisation's defences easier, and it can identify security holes that need immediate attention.

Risk categories identified in reconnaissance reports:

  • Attack Intention – cyber noise identified suggesting that an asset has a high probability of being attacked

  • Data Leakage – email addresses, usernames or other assets identified as breached

  • Phishing – an asset has been identified as vulnerable to a phishing attack

  • Brand Security – a brand asset has been compromised or has some associated negative noise

  • VIP – cyber risk related to a VIP asset

  • Exploitable Data – an IP or domain asset is associated with out-of-date, vulnerable hardware or software

CSA analysts use a unique combination of open source feeds (Google, Yahoo, Bing, Facebook, Twitter, LinkedIn etc.) and closed source feeds (paid-for and closed, invite-only), as well as the Dark Web (Tor sites and forums), to gather intelligence.

Often the reports identify vulnerabilities that can be easily fixed to reduce the ease with which potential attackers may breach a customer’s defences. However, they may indicate the need for further investigation in the form of a cyber security assessment.