The business social networking site is a vast, publicly accessible database of corporate information. Don't believe everyone on the site is who they say they are.

In November, Britain's Security Service began notifying members of parliament (MPs) and their staff of an audacious foreign intelligence-gathering scheme. It claimed two profiles on LinkedIn were approaching individuals working in British politics in order to solicit insider insights. The revelations from MI5 precipitated a £170 million government initiative to tackle espionage threats to parliament.

This is the most recent high-profile case of threat actors abusing LinkedIn to further their nefarious goals. The site can be a treasure trove of corporate data that can be used to support fraud or threat campaigns.

Why is LinkedIn a target?

LinkedIn has amassed more than one billion members worldwide since its founding in 2003. That's a lot of potential targets for state-backed and financially motivated threat actors. Key reasons:

• It's a fantastic information resource: Threat actors can find out the roles and responsibilities of key individuals in a targeted company, piece together relationships, and understand ongoing projects - invaluable intelligence for spear-phishing and business email compromise (BEC) fraud

• It provides credibility and cover: Professional networking site users are more likely to open DMs from unknown connections than unsolicited emails

• It bypasses traditional security: Messages travel through LinkedIn's servers rather than corporate email systems, making corporate IT departments blind to potential threats

• It's easy to get up and running: Anyone can register and start gathering intelligence or launching attacks, with compromised credentials making account hijacking easier than ever

Which attacks are most common?

• Phishing and spear-phishing tailored with profile information
• Direct attacks with malicious links deploying malware or harvesting credentials
• BEC attacks using detailed organizational intelligence
• Deepfakes created from profile videos
• Account hijacking through fake pages and credential stuffing
• Supplier attacks targeting partner companies

Examples include North Korea's Lazarus Group posing as recruiters, Scattered Spider's MGM attack ($100M in losses), and the Ducktail campaign targeting marketing professionals.

Staying safe on LinkedIn

Build LinkedIn threat scenarios into security awareness courses. Warn employees about oversharing and help them spot fake accounts. Use multi-factor authentication, regular patching, and security software on all devices. Run specific training for executives who are targeted more often. Remember: even on trusted networks, not everyone has your best interests at heart.

Source: WeLiveSecurity (ESET)
Read more: https://www.welivesecurity.com/en/social-media/linkedin-hunting-ground-threat-actors-how-protect-yourself/