Et tu, LinkedIn? Unfolding a New Technique of Spear-Phishing

The year 2020 also saw the emergence of a spear-phishing campaign that leverages LinkedIn’s messaging service. 

What’s going on?

Collins Aerospace and General Dynamics have been caught in the crosshairs of a malware campaign in which attackers pose as human resources employees of the companies. Targets are sent fake job offers via LinkedIn that contain malicious documents. These documents are designed to fetch data-exfiltrating malware.

The bigger picture

  • The spear-phishing messages were a part of a notorious campaign - dubbed Operation In(ter)ception - that targeted aerospace and military companies in the Middle East and Europe. 
  • The main aim of the attacks was believed to be cyberespionage.
  • Nevertheless, in a single case, the attackers attempted to compromise a user’s email account in a BEC attack. This indicates that the attackers were also aiming for financial benefits. 
  • Researchers found several hints pointing to the Lazarus Group as the actor behind these attacks.

How to stay safe?

The first rule for avoiding becoming a victim of spear-phishing attacks is MFA, MFA, and MFA: use multifactor authentication everywhere. The next rule is to practice good password hygiene and stay alert.

The bottom line is that 2020 has been an exciting and lucrative year for cyber goons. Targeted, multi-stage, and multi-vector attacks have been tremendously successful in penetrating business networks. Most of them start with social engineering techniques, such as spear-phishing emails with convincing subject lines and content. Attacks will continue to rise and new techniques will evolve as long as organizations do not have a comprehensive threat defense plan.