SecurityBrief Asia logo
Asia's leading source of security and threat news
Story image
The attack surface: 2019's biggest security threat
Story image
Opinion: Cybersecurity as a service answer to urgent change
Story image
New threat rears its head in new malware report
Story image

Trustwave releases facial recognition tool for pentesters

09 Aug 2018
Kai Ping Lew

Performing intelligence gathering on is a time-consuming process, typically starting by attempting to find a person’s online presence on a variety of social media sites.

While this is an easy task when there are only a few targets, it can become incredibly tedious when done at scale.

To answer this need, Trustwave has announced the release of Social Mapper, an open source intelligence tool that uses facial recognition to correlate social media profiles across a number of different sites on a large scale.

Trustwave, which provides ethical hacking services, has successfully used the tool in a number of penetration tests and red teaming engagements on behalf of clients.

It takes an automated approach to searching popular social media sites for names and pictures of individuals to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.

It's primarily aimed at penetration testers and red teamers, who will use it to expand their target lists, aiding them in social media phishing scenarios.

Its primary benefit comes from the automation of matching profiles and the report generation capabilities.

As the security industry continues to struggle with talent shortages and rapidly evolving adversaries, it is imperative that a penetration tester’s time is utilized in the most efficient means possible.

Social Mapper supports the following social media platforms:

  • LinkedIn
  • Facebook
  • Twitter
  • Google+
  • Instagram
  • VKontakte
  • Weibo
  • Douban

Once Social Mapper has finished running and the reports have been collected, here are some examples of how pentesters can use the information generated. They can:

  • Create fake social media profiles to 'friend' the targets and send them links to credential capturing landing pages or downloadable malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
     
  • Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.
     
  • Create custom phishing campaigns for each social media site, knowing that the target has an account. Make these more realistic by including their profile picture in the email. Capture the passwords for password reuse.
     
  • View target photos looking for employee access card badges and familiarise yourself with building interiors.
More:
Share on: LinkedIn Twitter Facebook
Story image
The attack surface: 2019's biggest security threat
Story image
Opinion: Cybersecurity as a service answer to urgent change
Story image
New threat rears its head in new malware report
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.
Story image
New digital world causing concern for IT auditor recruitment
Nearly 2/3s of organisations say the tech skills gap is already impacting IT audits. A new study identifies the top five skills auditors seek.
Story image
Microsoft, DigiCert, Utimaco tackle quantum computing threats
The algorithm could bring the world one step closer to a secure internet of things.
Story image
OneSpan uses AI to tackle financial account fraud
Its new solution uses machine learning to protect online and mobile channels, as well as meet compliance requirements for transactional risk analysis
Story image
Threat prioritisation feature announced for Tenable platforms
Predictive Prioritisation enables organisations to focus on the three percent of vulnerabilities that have been or will likely be exploited in the next 28 days.
Story image
Interview: Inside the crybercriminal gig economy for bots
Techday spoke to Akamai Asia Pacific security technology and strategy head Fernando Serto about how organisations are being impacted.
Story image
Migration away from on-prem data centres stalled by security
Despite the surging cloud adoption that is rife around the world, a new study has revealed there’s still a lack of understanding around security.
Story image
Report finds average DDoS attack volumes have trebled in past year
"The increase in the impact and complexity of attacks continues unabated," says Link11 COO Marc Wilczek.
Story image
Ziften extends proprietary AI/ML security across all endpoints
AI and ML algorithms now work throughout all phases of the Zenith cybersecurity platform.
Story image
Webroot to be sold for $618.5m
Webroot is about to be sold to data protection firm Carbonite for US$618.5 million after the two companies entered into a definitive agreement this week.
Story image
Singapore govt, telcos must refrech cybersecurity focus
"The telecomm industry is key and is fundamental to secure our telco infrastructure and services, and the business that telco operators provide.”
Story image
Cybercrime tools and services becoming increasingly democratised
Findings from Check Point's new report reveal a concerning trend as cybercrime grows increasingly well-managed and accessible.
Story image
Four ways the technology landscape will change in 2019
Until now, organisations have only spoken about innovative technologies somewhat theoretically. This has left people without a solid understanding of how they will ultimately manifest in our work and personal lives.
Story image
CrowdStrike opens endpoint protection platform to third-party apps
The CrowdStrike Store leverages the cloud for both scale and telemetry, enabling applications to deliver faster, smarter, and more effective solutions.
Download image
From magstripe to mobile: The evolution of access management
HID Global examines solutions available today, the future of mobile access, and why it’s critical to ensure that each component of the access control ecosystem is as secure as possible.
Download
Story image
Palo Alto changes up partner programme
The changes include a dedicated programme for managed services providers and a raft of new processes and initiatives.
Story image
Facial recognition tech can identify partial images of people
We’re now at the point where technology doesn’t even need an entire image of someone to identify them.
Story image
Frost & Sullivan: Big data is key to preventing cyber breaches
“This technology can proactively predict breaches before they happen, as well as uncover patterns from past incidents to support policy decisions."
Download image
Whitepaper: How to secure your data in a remote world
Gartner predicts that 80% of worker tasks will take place on a mobile device by 2020.
Download
Download image
Product review: LogRhythm CloudAI a revolutionary tool
SANS has provided an independent review of a new AI analytics solution designed to rescue businesses 'drowning in data' from SIEM platforms.
Download
Story image
Massive jump in email fraud targeting healthcare - Proofpoint
The report analyses more than 160 billion emails sent across 150 countries in both 2017 and 2018 to identify email fraud attack trends.
Story image
Email fraud increased by 476% in last year - Proofpoint
As these threats continue to grow in volume and sophistication, it is imperative that organisations implement a people-centric security approach.
Story image
Death by cryptocurrency: Could $190m be lost forever?
Exit scam, or just plain bad luck? Investors in one of Canada’s largest cryptocurrency exchanges will be pondering that very question.
Download image
Digitally transform or fall behind - 3 key points to remember
In this report Unisys details three key areas focus on when implementing a successful digital transformation as with every opportunity comes risk.
Download
Download image
Whitepaper: Ransomware is evolving – how is your security keeping up?
Kaseya explores how automation and integration can help organisations stay ahead of security threats.
Download
Story image
617 million stolen records up for sale on dark web
It may not be the first time the databases have been offered for sale.
Story image
Veritas strengthens AWS partnership with new competencies
Veritas NetBackup and Backup Exec now support multiple AWS storage classes.
Story image
Interview: Tenable CTO on how companies should measure cyber risk
Rising geopolitical tensions coupled with an expanding attack surface have left governments and organisations vulnerable to targeted attacks.
Download image
Whitepaper: Five key ways to lock down BYOD with MFA
IT and security managers need to move beyond usernames and passwords, expanding their use of multi-factor authentication (MFA) to help provide secure and convenient access.
Download
Download image
Report: How IT Is responding to digital disruption and innovation
Today “every company is in the software business" to get a competitive edge, and this survey reveals how app dev is affecting IT teams.
Download
Story image
Legacy applications a ‘healthcare cybersecurity nightmare’
A new whitepaper launched today that sought to bring light to just how dire the cybersecurity situation with hospitals really is.
Story image
Bug makes Android phones hackable via PNG image files
This means any application handling PNG files that have been carefully crafted by an attacker can end up running the attacker’s code.
Story image
Dell EMC expands multicloud data protection capabilities
According to IDC, 92% of organisations have adopted a cloud environment with 64% adopting a multi-cloud approach.
Story image
The top technologies shaping future ‘proactive’ cybersecurity
Frost & Sullivan has highlighted emerging technology trends that are set to change the way enterprises protect themselves against cybercrime.
Story image
Compliance requirements driving better data management - 451 Research
90% of respondents in a 451 Research report say they will significantly increase investment in DataOps technologies this year.
Download image
Whitepaper: How Philips drives security and privacy in healthcare
Personal data within healthcare records is most valuable, as it can be used, for example, for various malicious purposes.
Download
Story image
Security flaw in Xiaomi electric scooters could have deadly consequences
An attacker could target a rider, and then cause the scooter to suddenly brake or accelerate.
Story image
Personalisation more important than privacy for Gen Z
Gen Z doesn’t just use the internet to connect them, entertain them, sell to them, and build their digital brand, they expect it to.
Download image
Case Study: Infoblox protects the network that hosts City University’s curriculum
After recovering from a ransomware attack, City University began to work with Infoblox to bring its network security to the next level.
Download
Story image
Huawei to Poland: 'We'll build a cybersecurity centre if that's what it takes'
Huawei says it will build a cybersecurity centre in Poland if that’s what it takes to convince the world that it’s a trustworthy organisation.
Download image
Whitepaper: The key to maximising office space efficiency
Most offices worldwide are approximately 50% under-utilised on any given day, causing issues for facility management in understanding the number of people in a facility.
Download
Story image
Norwegian security firm thwarts state-sponsored attack by APT10
Norwegian cybersecurity firm Visma is accusing a Chinese state-sponsored attack group (APT10) of allegedly attacking their systems and engaging in cyberespionage.
Download image
Navigating the complicated world of DNS security
Over the years, DNS, both the protocol and the servers, have become the target of a variety of attacks, including the Lion worm.
Download
Story image
French cyber startup Alsid reaches out to Asia Pacific
French cybersecurity startup Alsid is setting its sights on the vast market opportunities in Asia, and Hong Kong is its initial base of choice – because it’s an attractive target for cyber attacks.
Download image
Are you building (or breaking) digital trust?
Business leaders can wait and be forced to respond to market change, or they can embrace digital and lead market change themselves.
Download
Story image
Illumio eyes global expansion with $65m in the bank
"Regardless of industry or size, every organisation has crown jewel or regulated assets running in their environment."
Story image
Security and mobility app adoption increasing - Okta
The fastest-of-the-fastest growing apps focus on identity-driven security, indicating that companies are taking Zero Trust seriously.
Download image
Mobile security: A case of risk versus reward?
Neither restricting productivity nor accepting tremendous mobile security risk is a viable option.
Download
Story image
Extreme Networks launches IoT security solution
IoT devices are typically deployed in a flat or unsegmented network so that if breached, the attacker can gain access to sensitive areas of the network.
Story image
Report finds automotive industry seriously wanting in cybersecurity
Findings from a new report have laid the automotive industry’s cybersecurity practices bare after highlighting critical cybersecurity deficiencies.
Story image
Google's new Chrome feature warns about compromised logins
This week Google released extra measures in a bid to provide better security for its users’ data.
Download image
Whitepaper: Remote working is great – but is it a security time-bomb?
Simply extending current PC security controls to a mobile fleet is ineffective.
Download
Download image
The 3 essential elements to consider with SaaS security
Speed, ease of use, and low capital expenses are just some of the factors driving the continued growth in SaaS security adoption.
Download
Story image
Germany watchdog calls out Facebook's 'abuse of power'
Bundeskartellamt asserts that Facebook must ask for consent from all users to collect data from within Facebook-owned services and third party websites – or face heavy restrictions on data collection.
Download image
Whitepaper: Three quick ways security teams can unlock the executive budget
Boards and Executives who normally approve funding for IT Security speak the language of ROI, NPV, etc.
Download
Download image
Study: Is it possible to detect breaches as they happen
Breaches often happen when businesses least expect them, causing slow reaction times and possibly catastrophic loss.
Download
Download image
The ultimate playbook for DNS infrastructure
Advanced DNS solutions can bring legacy systems into the modern age and protect against these potentially crippling DNS attacks.
Download
Story image
Honeywell upgrades USB protection for ICS environments
Industrial cybersecurity provider Honeywell has doubled down on its protection against USB-based threats towards industrial operators.