Analyze presence of outsourced capabilities

Outsourcing, the arrangement of one company providing goods or services to another company for something that could be done in-house, provides another avenue for an adversary to target. Businesses often have networks, portals, or other technical connections between themselves and their outsourced/partner organizations that could be exploited. Additionally, outsourced/partner organization information could provide opportunities for phishing. [1] [2]

ID: T1303

Tactic: Organizational Weakness Identification

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Much of this analysis can be done using the target's open source website, which is purposely designed to be informational and may not have extensive visitor tracking capabilities.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Analyzing business relationships from information gathering may provide insight into outsourced capabilities. In certain industries, outsourced capabilities or close business partnerships may be advertised on corporate websites.

References

  1. Gregory Scasny. (2015, September 14). Understanding Open Source Intelligence (OSINT) and its relationship to Identity Theft. Retrieved March 1, 2017.
  1. Hon. Jason Chaffetz, Hon. Mark Meadows, Hon. Will Hurd. (2016, September 7). The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation. Retrieved March 28, 2017.