Malware Delivery Via LinkedIn

Uploaded on 2019-07-29 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

LinkedIn users should be aware of emails which say they are coming from the site which are scams and there are phishing emails they must be aware of as well. FireEye researchers have identified a phishing campaign conducted by the cyber-espionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents. 

Phishing scams see cybercriminals target users with spoof emails designed to look as though they originate from a large-scale organisation. Social media sites have become increasingly popular in such scams in recent years, with social media phishing attacks rose 75 percent in 2019.

Researchers noticed the campaign in late June 2019 using LinkedIn professional network invitations to deliver the malicious documents that included the use of three new malware families according to a July 18 blog post. The campaign utilised malware including a backdoor dubbed “TONEDEAF”, a browser credential theft tool dubbed “VALUEVAULT”, and a keylogger dubbed “LONGWATCH.”

So far the campaign has targeted the energy, utilities, government, oil and gas industries with the threat actor utilising their tried-and-true techniques to breach targeted organisations.

APT34, believed to be an Iranian-based group, has been active since 2014 and has previously used academia and job offer conversations in other campaigns to lure victims into downloading malware.

“The latest research from FireEye clearly shows that no matter how malicious documents are distributed, macros in Microsoft Office documents represent a serious threat to organisations,” Digital Shadows Head of Security Engineering Dr. Richard Gold told SC Media. 

“Given their ubiquity and their ease of exploitation by an attacker, we strongly recommend that organisations look into disabling or at least severely limiting the ability of macros to execute in their environment.”

Gold recommended organisations test their own defenses periodically in “Purple Team exercises” with public and or open-source tools to ensure that they are able to detect and respond to commodity threats.  Chris Morales, head of security analytics at security firm, Vectra, said attackers are using the same techniques they have always used to conduct phishing campaigns and adapting those campaigns to particular platforms where the users they want to target exist.

“One of the most important benefits of LinkedIn is the ability it gives you to find people outside your existing professional network,” Morales said. 

“There is a certain level of acceptance of outsiders on social media that doesn’t exist as much in email, especially as enterprises strengthen their email posture.” 

FireEye:              SC Magazine:             TechRadar:    

You Might Also Read: 

You Should Read LinkedIn's New Privacy Policy Carefully:

Social Media Sites - Cyber Weapons of Choice:

 

« One Costly Minute Of Cybercrime
Expert Hacker Spared Jail »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

Plurilock Security Solutions

Plurilock Security Solutions

Plurilock is a real-time cybersecurity solution that uses artificial intelligence to identify, prevent, and eliminate insider threats.

CloudOak

CloudOak

CloudOak is a cloud channel provider for hybrid cloud Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS) and Archiving to Small to Medium Business (SMB).

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

Stamus Networks

Stamus Networks

Stamus Networks offers Scirius Security Platform solutions that marry real-time network traffic data with enhanced Suricata intrusion detection (IDS) and an advanced analytics engine.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.

Capzul

Capzul

Capzul are transforming the network security landscape with a new approach; creating virtually impenetrable networks, precluding cybercriminal attacks on your network ecosystem.

ThreatView by Turaco Labs

ThreatView by Turaco Labs

ThreatView combines extensive experience in digital forensics with advanced analytics and threat detection capabilities to protect eCommerce websites.

Cyber Brain Academy

Cyber Brain Academy

At Cyber Brain Academy, our mission is to provide high-quality IT certification training for the cyber security workforce.