Malware Delivery Via LinkedIn

LinkedIn users should be aware of scam emails that claim to come from the site, and of phishing emails as well. FireEye researchers have identified a phishing campaign conducted by the cyber-espionage group APT34, which masqueraded as a member of Cambridge University to gain victims’ trust and get them to open malicious documents.

Phishing scams see cybercriminals target users with spoof emails designed to look as though they originate from a large-scale organisation. Social media sites have become increasingly popular in such scams in recent years, with social media phishing attacks rising 75 percent in 2019.

Researchers noticed the campaign in late June 2019, according to a July 18 blog post. It used LinkedIn professional network invitations to deliver malicious documents and involved three new malware families. The malware included a backdoor dubbed “TONEDEAF”, a browser credential theft tool dubbed “VALUEVAULT”, and a keylogger dubbed “LONGWATCH”.

So far the campaign has targeted the energy, utilities, government, oil and gas industries with the threat actor utilising their tried-and-true techniques to breach targeted organisations.

APT34, believed to be an Iranian-based group, has been active since 2014 and has previously used academia and job offer conversations in other campaigns to lure victims into downloading malware.

“The latest research from FireEye clearly shows that no matter how malicious documents are distributed, macros in Microsoft Office documents represent a serious threat to organisations,” Digital Shadows Head of Security Engineering Dr. Richard Gold told SC Media. 

“Given their ubiquity and their ease of exploitation by an attacker, we strongly recommend that organisations look into disabling or at least severely limiting the ability of macros to execute in their environment.”

Gold recommended organisations test their own defenses periodically in “Purple Team exercises” with public and/or open-source tools to ensure that they are able to detect and respond to commodity threats.

Chris Morales, head of security analytics at security firm Vectra, said attackers are using the same techniques they have always used to conduct phishing campaigns and adapting those campaigns to particular platforms where the users they want to target exist.

“One of the most important benefits of LinkedIn is the ability it gives you to find people outside your existing professional network,” Morales said. 

“There is a certain level of acceptance of outsiders on social media that doesn’t exist as much in email, especially as enterprises strengthen their email posture.” 

Sources: FireEye, SC Magazine, TechRadar
