Malware Delivery Via LinkedIn

Uploaded on 2019-07-29 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

LinkedIn users should be aware of emails which say they are coming from the site which are scams and there are phishing emails they must be aware of as well. FireEye researchers have identified a phishing campaign conducted by the cyber-espionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents. 

Phishing scams see cybercriminals target users with spoof emails designed to look as though they originate from a large-scale organisation. Social media sites have become increasingly popular in such scams in recent years, with social media phishing attacks rose 75 percent in 2019.

Researchers noticed the campaign in late June 2019 using LinkedIn professional network invitations to deliver the malicious documents that included the use of three new malware families according to a July 18 blog post. The campaign utilised malware including a backdoor dubbed “TONEDEAF”, a browser credential theft tool dubbed “VALUEVAULT”, and a keylogger dubbed “LONGWATCH.”

So far the campaign has targeted the energy, utilities, government, oil and gas industries with the threat actor utilising their tried-and-true techniques to breach targeted organisations.

APT34, believed to be an Iranian-based group, has been active since 2014 and has previously used academia and job offer conversations in other campaigns to lure victims into downloading malware.

“The latest research from FireEye clearly shows that no matter how malicious documents are distributed, macros in Microsoft Office documents represent a serious threat to organisations,” Digital Shadows Head of Security Engineering Dr. Richard Gold told SC Media. 

“Given their ubiquity and their ease of exploitation by an attacker, we strongly recommend that organisations look into disabling or at least severely limiting the ability of macros to execute in their environment.”

Gold recommended organisations test their own defenses periodically in “Purple Team exercises” with public and or open-source tools to ensure that they are able to detect and respond to commodity threats.  Chris Morales, head of security analytics at security firm, Vectra, said attackers are using the same techniques they have always used to conduct phishing campaigns and adapting those campaigns to particular platforms where the users they want to target exist.

“One of the most important benefits of LinkedIn is the ability it gives you to find people outside your existing professional network,” Morales said. 

“There is a certain level of acceptance of outsiders on social media that doesn’t exist as much in email, especially as enterprises strengthen their email posture.” 

FireEye:              SC Magazine:             TechRadar:    

You Might Also Read: 

You Should Read LinkedIn's New Privacy Policy Carefully:

Social Media Sites - Cyber Weapons of Choice:

 

« One Costly Minute Of Cybercrime
Expert Hacker Spared Jail »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Davis Wright Tremaine (DWT)

Davis Wright Tremaine (DWT)

Davis Wright Tremaine is a full-service law firm with offices throughout the US and in Shanghai, China. Practice areas include Technology, Privacy & Security.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Verodin

Verodin

Verodin is a business platform that provides organizations with the evidence needed to measure, manage and improve their cybersecurity effectiveness.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

Etalon Cyber

Etalon Cyber

Etalon Cyber provides a range of advanced features to ensure the highest level of security for your website.