Hackers no longer rely solely on email when trying to infiltrate your organization. Social media, including LinkedIn, has become the new preferred method of attack for these criminals.
This year, Google’s Threat Analysis Group (TAG) discovered large-scale cyberattack originating in North Korea. The cyberattack used fake blogs, fake email accounts, and even several different fake profiles on social media platforms like LinkedIn. Hackers create fake profiles designed to deceive their victims. Once they identify a target, they will start adding the potential victim’s friends and colleagues. They then “like” and comment on the content shared by the victim’s friends to create the illusion of being a real person. Once they have created an activity and connection log, they will then send a connection request to the target. Activity logs and mutual connections create a false sense of security for the victim, which makes them more likely to participate in the phishing attack.
The new landscape of phishing threats
The phishing paradigm has changed, and this new level of sophistication, speed and attention to detail is what we call Phishing 2.0. Users are now operating via mobile, email and the web. These hackers are tackling the surface of human attacks with new types of phishing and social engineering programs to deliver a wider variety of phishing payloads. These phishing attacks use multiple tactics and speed to evade traditional defenses that rely on domain reputation and blacklists. While ID theft remains popular, there are new multi-vector phishing attacks that exploit web, SMS, social, search, and collaboration tools. Phishing is now just as prevalent in text messages, social media, ads, search engines, browser extensions, and chat apps. Payloads include malicious browsers, scareware, fake virus alerts, bank fraud, and more. HTML phishing can be delivered directly to browsers and applications, bypassing infrastructure (SEG, NGAV, AEP) and bypassing methods of URL inspection and domain reputation analysis. In doing so, they can bypass traditional defenses with a success rate of over 80%.
These new types of attacks that come from an employee’s personal communication line, like texting or LinkedIn, can’t be stopped unless you interact with the threat to the point of clicking on a device. These attacks cannot be stopped through an email API or in a Web / SASE proxy solution. Indeed, the personal traffic of a user does not generally pass through these solutions in a remote work scenario.
SlashNext stops phishing
Only SlashNext can stop human hacking across all your digital communication channels. This includes these new types of phishing attacks on a mobile device or the user’s web browser. Our phishing protection is backed by our Session Emulation and Environment Reconnaissance (SEER) ™ threat detection technology and real-time phishing threat intelligence. Our AI phishing defense cloud, which performs dynamic and runtime analysis on billions of URLs daily through virtual browsers, machine learning, and Natural Language Processing (NLP), provides users and IT security teams bring a new level of protection against phishing and social networks. engineering attacks. Whether it’s bogus login pages aimed at stealing user credentials or other social engineering attacks designed to deceive users, we can block these sites and protect users from phishing on any site. browser, any device and any operating system. https://www.slashnext.com/technology/
The post office Social media apps like LinkedIn have become human hacking tools first appeared on SlashNext.
*** This is a Syndicated Security Bloggers Network blog by SlashNext written by Austin Piazza. Read the original post on: https://www.slashnext.com/blog/social-media-apps-like-linkedin-have-become-tools-for-human-hacking/