Malware Delivery Via LinkedIn
LinkedIn users should be aware of emails which say they are coming from the site which are scams and there are phishing emails they must be aware of as well. FireEye researchers have identified a phishing campaign conducted by the cyber-espionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents.
Phishing scams see cybercriminals target users with spoof emails designed to look as though they originate from a large-scale organisation. Social media sites have become increasingly popular in such scams in recent years, with social media phishing attacks rose 75 percent in 2019.
Researchers noticed the campaign in late June 2019 using LinkedIn professional network invitations to deliver the malicious documents that included the use of three new malware families according to a July 18 blog post. The campaign utilised malware including a backdoor dubbed “TONEDEAF”, a browser credential theft tool dubbed “VALUEVAULT”, and a keylogger dubbed “LONGWATCH.”
So far the campaign has targeted the energy, utilities, government, oil and gas industries with the threat actor utilising their tried-and-true techniques to breach targeted organisations.
APT34, believed to be an Iranian-based group, has been active since 2014 and has previously used academia and job offer conversations in other campaigns to lure victims into downloading malware.
“The latest research from FireEye clearly shows that no matter how malicious documents are distributed, macros in Microsoft Office documents represent a serious threat to organisations,” Digital Shadows Head of Security Engineering Dr. Richard Gold told SC Media.
“Given their ubiquity and their ease of exploitation by an attacker, we strongly recommend that organisations look into disabling or at least severely limiting the ability of macros to execute in their environment.”
Gold recommended organisations test their own defenses periodically in “Purple Team exercises” with public and or open-source tools to ensure that they are able to detect and respond to commodity threats. Chris Morales, head of security analytics at security firm, Vectra, said attackers are using the same techniques they have always used to conduct phishing campaigns and adapting those campaigns to particular platforms where the users they want to target exist.
“One of the most important benefits of LinkedIn is the ability it gives you to find people outside your existing professional network,” Morales said.
“There is a certain level of acceptance of outsiders on social media that doesn’t exist as much in email, especially as enterprises strengthen their email posture.”
FireEye: SC Magazine: TechRadar:
You Might Also Read:
You Should Read LinkedIn's New Privacy Policy Carefully:
Social Media Sites - Cyber Weapons of Choice: