Accessible from the open web: a qualitative analysis of the available open-source information involving cyber security and critical infrastructure

A team at the Simon Fraser University led by Yuxuan Zhang (2022) described accessible from the open web. The development of automated decision-making and remote control systems in industrial devices has increased efficiency but also raised cybersecurity risks. Malicious hackers can use open-source intelligence data to plan cyberattacks on critical infrastructure. Governmental agencies may recruit or purchase data from motivated hackers for these purposes. While there is currently no evidence of cyberattacks solely relying on open-source intelligence data, it is important for researchers to recognize the potential for future attacks. The transition of industrial control systems to internet networks has created more opportunities for attacks. The failure of these systems can lead to financial and physical damage, loss of lives, and damage to company reputation. The current study aims to explore the types of open-source intelligence data that can be used for cyberattacks on the critical infrastructure industry. The study identifies three main themes of data: indirect reconnaissance data, proof-of-concept codes, and educational materials. These types of data can help attackers determine hacking strategies, avoid detection, choose malware, and identify ideal targets. The study emphasizes the need to address the security risks associated with open-source intelligence data. The analysis of publicly available resources reveals three major categories of data: CI-related reconnaissance data and information-gathering tools, malware proof-of-concept codes, and educational materials for hacker skills training. The development of technology and reliance on electronic systems increases cybersecurity risks for industrial systems. Open access cybersecurity information can be used maliciously by hackers.

The text discusses the analysis of search feedback on Shodan, with 28 displayed results. Additionally, a random selection of 70 YouTube videos and approximately 400 Reddit posts were reviewed.

Aspects of their findings potentially confirm earlier work in this topic: “The availability of online resources has reduced the need for deviant individuals to interact in person for skill-learning. Our findings indicate that there is a lot of hacking-related information on OSINT platforms,” Zhang suggested.

Discussing potential shortcomings, “The study has some limitations, including the inability to generalize the findings to all social media platforms and search engines. The authenticity of the analyzed content may also be an issue. The data collection method used in the study was time-consuming and manual, suggesting the need for automated techniques in future research. Despite these limitations, the study provides new information on the use of videos demonstrating successful attacks and suggests the potential impact of demo videos in the field of cybersecurity. Mitigation strategies such as mandatory cybersecurity training and stronger security measures are recommended. Further research should explore the impact of different types of OSINT resources and publicly available PoC codes on individuals' cybercrime engagement. Additionally, the study suggests reviewing current policies regarding sharable resources in the public domain to limit information exploitable by hackers while balancing people's right to access relevant cybersecurity materials,” they note.

They recommend that enhancement of data extraction and analysis is recommended for OSINT data. Researchers should use computerized techniques and automated programs to extract and filter relevant data.