Malware Delivery Via LinkedIn

LinkedIn users should be wary of emails that claim to come from the site, and of phishing messages sent through it. FireEye researchers have identified a phishing campaign by the cyber-espionage group APT34 in which the attackers masqueraded as a member of Cambridge University to gain victims' trust and persuade them to open malicious documents.

Phishing scams see cybercriminals target users with spoof emails designed to look as though they originate from a large-scale organisation. Social media sites have become increasingly popular in such scams in recent years, with social media phishing attacks rising 75 percent in 2019.

According to a July 18 blog post, researchers noticed the campaign in late June 2019; it used LinkedIn professional network invitations to deliver the malicious documents and introduced three new malware families. The campaign's malware included a backdoor dubbed “TONEDEAF”, a browser credential theft tool dubbed “VALUEVAULT”, and a keylogger dubbed “LONGWATCH”.

So far the campaign has targeted the energy, utilities, government, oil and gas industries with the threat actor utilising their tried-and-true techniques to breach targeted organisations.

APT34, believed to be an Iranian-based group, has been active since 2014 and has previously used academia and job offer conversations in other campaigns to lure victims into downloading malware.

“The latest research from FireEye clearly shows that no matter how malicious documents are distributed, macros in Microsoft Office documents represent a serious threat to organisations,” Digital Shadows Head of Security Engineering Dr. Richard Gold told SC Media. 

“Given their ubiquity and their ease of exploitation by an attacker, we strongly recommend that organisations look into disabling or at least severely limiting the ability of macros to execute in their environment.”

Gold recommended that organisations test their own defences periodically in “Purple Team exercises” with public and/or open-source tools to ensure that they are able to detect and respond to commodity threats. Chris Morales, head of security analytics at the security firm Vectra, said attackers are using the same techniques they have always used to conduct phishing campaigns and adapting those campaigns to the particular platforms where the users they want to target exist.
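Gold's two points, that macro-bearing Office documents are the commodity threat to worry about and that defenders should verify they can detect such threats, can be exercised with a small triage script. The following is an added example written for this page, not code from FireEye, Digital Shadows or the article; it uses only the Python standard library and constructs its own sample files. Modern Office files (.docx/.docm/.xlsm/.pptm) are OOXML zip containers in which a VBA project is stored as a `vbaProject.bin` part and declared with the content type `application/vnd.ms-office.vbaProject` in `[Content_Types].xml`; the script checks both signals, so a renamed `.docm` or a tampered content-types part still gets caught. The verdict names and the `should_block` policy are assumptions chosen for the example.

```python
"""Triage helper: flag Office attachments that carry VBA macros.

Added example, not from the article or FireEye. Standard library only.
Legacy .doc/.xls files are OLE2 compound files, which this helper only
recognises and escalates; parsing their VBA streams needs a dedicated
parser such as oletools.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict dict for one attachment.

    verdict is one of "macro", "clean", "legacy-ole", "not-office"
    (hypothetical schema chosen for this example).
    """
    result = {"filename": filename, "verdict": "not-office",
              "vba_parts": [], "declared_vba": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros live in OLE streams, so escalate
        # for deeper inspection rather than letting it through.
        result["verdict"] = "legacy-ole"
        return result
    if not data.startswith(ZIP_MAGIC):
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            result["vba_parts"] = [n for n in zf.namelist()
                                   if n.lower().endswith("vbaproject.bin")]
            try:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            except KeyError:
                types_xml = ""
    except zipfile.BadZipFile:
        return result
    result["declared_vba"] = VBA_CONTENT_TYPE in types_xml
    # Either signal alone is enough: the part may survive a tampered
    # content-types file, and vice versa.
    if result["vba_parts"] or result["declared_vba"]:
        result["verdict"] = "macro"
    else:
        result["verdict"] = "clean"
    return result


def should_block(filename: str, data: bytes) -> bool:
    """Gateway policy (assumed): block macro-bearing OOXML, escalate legacy OLE."""
    return inspect_attachment(filename, data)["verdict"] in ("macro", "legacy-ole")


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container for testing; not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        types_xml = (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Override PartName="/word/document.xml" ContentType="application/'
            'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        )
        if with_macro:
            types_xml += ('<Override PartName="/word/vbaProject.bin" '
                          f'ContentType="{VBA_CONTENT_TYPE}"/>')
        types_xml += "</Types>"
        zf.writestr("[Content_Types].xml", types_xml)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: a plain document, a macro-enabled one, a legacy
    # OLE file and a non-Office file.
    for name, blob in [("cv.docx", build_sample(False)),
                       ("cv.docm", build_sample(True)),
                       ("cv.doc", OLE2_MAGIC + b"\x00" * 504),
                       ("note.txt", b"hello")]:
        print(name, inspect_attachment(name, blob)["verdict"], should_block(name, blob))
```

Running the script prints one line per sample with its verdict and whether the policy would block it. Flagging at the gateway complements, rather than replaces, the endpoint control Gold recommends: a document that reaches a user through a channel the gateway does not see (a LinkedIn message, a personal webmail account) is still stopped only if macros cannot execute on the host.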

“One of the most important benefits of LinkedIn is the ability it gives you to find people outside your existing professional network,” Morales said. 

“There is a certain level of acceptance of outsiders on social media that doesn’t exist as much in email, especially as enterprises strengthen their email posture.” 

Sources: FireEye, SC Magazine, TechRadar
