Open Intelligence Threats for 6 Key Industries

Corporate SecurityInformation Protection

The types of threats impacting industry leaders and their point of vulnerability are far from cookie cutter in appearance and impact. While we hear about higher amounts of phishing or ransomware to entire industries, what about the other types of threats? How do those shape up across major industries like healthcare, energy utilities, auto manufacturing, and finance?

By looking into the volume of threats across different businesses and speaking with the leaders at those companies, we were able to better understand the situation. What we’re seeing is a threat landscape evolve with security teams getting better at capturing intelligence. We can tell you – there will be no threat desert in 2021.  On the volume side of the equation, within January 2021 alone, the number of open-source-based threat event alerts to key industry leaders amounted to an average of 3,800 alerts every day; an avalanche of sorts for security teams.

While newer platforms provide additional filtering,  industry-standard false-positive rates remain high which leaves hundreds of threats each day requiring review and decisions by security teams to narrow down to single-digit credible threats each day. Yet not all organizations faced threats in the same way.


In the health and medical industry, violent threats towards the organization and staff were third highest across all the industries, with over 1,500 questionable pieces of content appearing monthly. This formed a major part of the 5.1 legitimate threats originating from open intelligence each day. In addition,  the targeting of staff for phishing campaigns and ransomware were prime targets, with specific focus being given to the supply chain areas of the business where the impact could be largest and staff not necessarily being in the spotlight. 


In the mining industry, bad actors focused on strategies to uncover information, private logistical or operational data, and Personally Identifiable Information (PII). On average, individual mining organizations received over 320 pieces of intelligence each month, filtering down to a new threat or risk each day. Targeted phishing schemes and impersonations weighed heavily in their alerts. Impersonations of mining executives or organizations in the news or social media to manipulate stock performance popped up throughout the first month of the year. In addition, since mining organizations have consistently placed limited value on external marketing and websites, or in safeguarding their digital brand, it is that much easier to impact or harm their reputation. 

Energy and utilities

At the height of winter, with a surge in unemployment and many jobs now taking place at home, the loss of power was a heated topic in January 2021. Energy and utility companies received substantial threats regarding issues with their energy services or about service shutdown for nonpayment of bills. While Energy companies would receive up to 5.8 legitimate threats each day, only a portion were threats of violence or harm; the remainder lay in impersonation, phishing, and political frustration. 


Retail was facing the highest proportion of legitimate threats, with an average of over 313 new threats per day. Loss of jobs and staffing changes resulted in leakage of employee information and threats of violence. Retail has some unique challenges though. Data breaches and the sale of retail credit cards and loyalty cards result in financial losses and reputational damage. Bad actors also used the Internet to monitor the movement of merchandise shipments, monitoring where products were shipped from and where the stock was expected, such as with newer gaming consoles.


Within auto manufacturing, the false positive rate was the highest, with thousands of alerts only leading to 9.6 threats each day. Across the auto industry, executives are a visible entity and were the target for threats to their massive organizations and their supply chains. Again impersonations in phishing schemes or for stock manipulation were part of their modus operandi in January.

“The addition of Media Sonar has been a welcomed asset to the team. The platform has improved our open source searching capabilities and reduced the amount of time spent manually searching for OSINT. Using their footprint search, setting up automated alerts and creating specific cases for continued monitoring are just a few examples of how Media Sonar has been helpful and improved our team’s efficiency. Media Sonar has been a vital tool in helping protect our company and mitigate potential threats and risks.

– Large Auto Manufacturer


Impersonation was the leading threat in the insurance industry, with fake insurance information and phishing packs targeting consumers as the leading tactic. While violent threats towards individuals were low, threats of violence were often directed toward the organization directly. Leaders in this industry found roughly 5.6 threats per day originating from open intelligence sources coming from 1800 monthly alerts.

The big problem is the lack of scalability

With hidden threats being captured so much more easily now, and with that practice becoming more widespread in large corporations, technologies with powerful detection and investigation capabilities are being used. With billions of points of information daily, historical methods of detection and investigation are no longer scalable for enterprises. Over 50% of security practitioners spend half of their time locating and collecting open-source intelligence. With the right investments, over 40% of that time can be put back into ensuring the organization can act on the real concerns. Still, it’s enough to make you ask – are there more threats or have we just gotten better at surfacing them?

Limited Time Offer!

We want to make our Web Intelligence & Investigations platform more accessible. Make the most of your 2022 security budget with up to 25% off all Media Sonar packages from now until March 1st, 2022.

Some conditions apply

Previous Post
Improve supply chain security with intelligence from surface, deep & dark web
Next Post
Beware of Hidden Communication Beyond TOR

Become a Media Sonar Insider

Become a Media Sonar Insider

Please fill in a few details & we'll add you to our communications list.

Looking For More Content?

– Limited Time Offer –

Up To 25% Off All Media Sonar Packages

– Ends March 1, 2022 –

Some conditions apply