Last November, the UK’s Security Service alerted members of Parliament about a foreign intelligence-gathering scheme: two LinkedIn profiles were contacting people working in British politics to request “insider information.” The MI5 revelations triggered a £170 million ($230 million) government initiative to address espionage threats against Parliament. While this is a high-profile case, ESET, a leading company in proactive threat detection, states that it is far from the first or only one. The site could also be a veritable treasure trove of corporate data that could be maliciously used to support fraud or threat campaigns.

Therefore, it is important to learn from this analysis and valuable professional opinion provided by ESET.

LinkedIn has amassed over one billion members worldwide since its founding in 2003. This represents a vast pool of potential targets for state-backed or financially motivated threat actors. Firstly, it is an extraordinary source of information where malicious actors can discover the roles and responsibilities of key individuals within a target company and reconstruct or reshape the relationships between individuals and projects they might be working on. Furthermore, it provides credibility and cover because, as a professional network, it is frequented by both high-level executives and lower-level employees, and it is a context in which a victim is more likely to open a direct message or InMail from someone on the platform than an unsolicited email.

On the other hand, it bypasses “traditional” security because there is no guarantee that phishing messages, malware, or spam won’t get through; and due to the site’s perceived credibility, target users may be more likely to click on malicious content. Finally, it’s easy to start operating; anyone can create a profile and begin lurking on the site to gather intelligence or send phishing messages and Business Enforcement (BEC) scams. Furthermore, attackers can hijack existing accounts or create fake identities before posing as candidates and recruiters for positions and jobs. The large number of compromised credentials circulating on cybercrime forums (due in part to infostealers) makes this relatively easy.

There are several ways threat actors can operationalize their malicious campaigns:

• Phishing and spearphishing: By using the information users share in their profiles, attackers can customize phishing campaigns (fake emails) to increase their success rate.
• Direct attacks: Contact can be made directly through malicious links designed to deploy malware, such as infostealers, or promote fake job offers intended to steal credentials.
• BEC: Similar to phishing, LinkedIn provides a wealth of intelligence that can be used to make Business Email Compromise attacks appear more convincing. It can help scammers identify who reports to whom, what projects they are working on, and the names of partners or suppliers.
• Deepfakes: LinkedIn can also host videos of targeted individuals, which can be used to create deepfakes and employ them in subsequent phishing, BEC, or social media scams.
• Account hijacking: Fake LinkedIn pages (phishing), infostealers, credential stuffing, and other techniques can help attackers take control of user accounts. These hijacked accounts can then be used in subsequent attacks targeting their contacts.
• Attacks on suppliers: LinkedIn can also be tracked for information about partners of a target company, who would also be targeted with phishing as part of a malicious “domino effect” strategy.

“The challenge posed by threats on LinkedIn is that IT departments find it difficult to obtain accurate information about the extent of the risk their employees face, and the tactics used to attack them. However, it makes sense to include LinkedIn threat scenarios like those described above in security awareness training courses. Employees should also be warned about the risk of oversharing information on the platform and given guidance on how to detect fake accounts and typical phishing lures,” says Mario Micucci, Cybersecurity Researcher at ESET Latin America.

ESET provides information on various threat groups that have used some of these tactics

• The Lazarus Group (North Korea) has posed as recruiters on LinkedIn to install malware on the computers of people working at an aerospace company, according to ESET Research. In fact, the research team also recently described the “Wagemole” campaigns, in which individuals aligned with North Korea attempt to obtain employment at foreign companies.
• ScatteredSpider contacted MGM’s help desk, impersonating an employee whose identity they obtained from LinkedIn, in order to gain access to the organization. The subsequent ransomware attack resulted in losses of $100 million.
• A spearphishing campaign called “Ducktail” targeted marketing and human resources professionals on LinkedIn, delivering malware and stealing information through links sent via direct message. The malware was hosted in the cloud.

Prevention

“To prevent account hijacking, a policy of regularly updating patches should be followed, security software should be installed on all devices (from a trusted vendor), and multifactor authentication should be enabled. Additionally, in corporate environments, it may be worthwhile to organize specific training sessions for executives, who are often the most frequent targets of attacks. Above all, ensure that the team is aware that, even on a network considered trustworthy like LinkedIn, not everyone acts in good faith or in their best interest,” recommends the ESET researcher.

ESET invites you to learn more about cybersecurity by visiting:  https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela at: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla)  and Facebook (ESET).

Information and image provided by ESET

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Malicious actors hunt and manipulate on the important LinkedIn network; we must protect ourselves apareció primero en Bitfinance.

Hackers enter Google cloud accounts to mine cryptocurrencies. The internet giant recently published a report on “Google’s threat horizon”, where it points out its concern about the use of cloud accounts that have been hacked to mine cryptocurrencies.

According to what was disseminated in the report: “Malicious actors have been observed mining cryptocurrencies in compromised cloud instances.” Noting that “of the 50 recent examples, 86 % of the cases showed that hackers were mining cryptocurrencies with the accounts.”

The report published by Google’s Cybersecurity Action team attempts to meet two fundamental objectives: the first is “profit making” and the second is related to “traffic pumping“.

With this document the internet leading company tries to provide actionable information that allows organizations to assert that their cloud environments are better protected.

The document also refers to other registered cyber threats such as: malware, hosting of unauthorized content on the Internet, spam and the launch of DDoS bots.

Hackers broadcast live

The group responsible for making the report on Google’s Threat Analysis, last month raised the alarms by warning about the presence of hackers in YouTube accounts to spread cryptocurrency scams.

The representatives of the technology company pointed out that “the name of the channel, the image of the profile and the content were replaced by the brand of the cryptocurrency to impersonate large technology companies or cryptocurrency exchange.”

In addition, they highlighted that the hackers made live broadcasts where they offered gifts in “cryptocurrencies in exchange for the first contributions.” Google pointed out that hackers were fluent in the Russian language.

M. Rodríguez

Source: decrypt.co

La entrada Hackers enter Google accounts in the cloud to mine cryptocurrencies apareció primero en Bitfinance.