Threat actors are highly innovative – one recent attack tricked victims into addressing fake webcam and microphone issues to gain system access.
We’re constantly advised to be aware of phishing emails, infected documents, and malicious websites, but what happens when threat actors take a different approach? Well, they increase their chances of breaching your defenses. This is why it’s crucial to keep up to date with developments in the world of cybersecurity. This latest attack targeted professionals on LinkedIn, but it could easily be used in other environments.
Ophtek wants to keep you secure from these types of threats, so we’re going to summarize this attack and show you how to stay safe.
The Interview from Hell
Job interviews are always stressful affairs, but at least they don’t hit you financially. However, there is an exception – the LinkedIn attack. With 1 billion members, LinkedIn is hugely popular and this makes it the perfect target for a threat actor.
Victims are approached on LinkedIn by fake recruiters who claim to be working for crypto firms such as Kraken and Gemini. On offer is the opportunity of a number of high-ranking roles at these firms, and the victims has been specially chosen to apply. Victims who take the bait and then posed a series of long-form questions relating to the crypto industry e.g. which crypto trends will have the most impact in the next 12 months.
It may, at first, seem like any other job interview, but the final question posed requires an answer filmed on video. This is where the breach begins. The threat actor will issue an error message stating that there’s an access issue for the victim’s camera and microphone. The problem is apparently caused by a cache issue but, luckily, the ‘interviewer’ has a set of instructions to fix the error. Unfortunately, following these instructions simply hands the threat actor access to the victim’s PC, where their crypto wallet is likely to be targeted.
How to Stay Safe on LinkedIn
You may have a LinkedIn account, and even if you don’t, it’s important that you know how to defend against a similar attack. The three main ways you can protect your PC are:
- Always Verify Identities: Unsolicited job offers aren’t unusual on LinkedIn or other social networking sites, but this doesn’t mean they’re always legitimate. Therefore, it’s vital that you carry out research on the recruiter’s identity. Start by contacting the company directly – ideally by telephone – through official channels and confirm that the vacancy offer is genuine. This can help prevent you falling victim to fake recruiters.
- Check IT Issues with Professionals: Taking technical IT instructions from strangers online is a sure-fire way to open up your PC to an attack. Anything which involves adjusting system settings or installing software should be scrutinized closely. Even if someone asks you to install a new font on your PC, treat it as suspicious. Rather than following through on the advice of an internet stranger, go straight to one of your verified IT professionals for advice.
- Keep Security Software Updated: Ensure that your operating system and associated antivirus software is always kept up to date. Installing the latest security patches will always maximize your security in the event of a breach, so automating these updates is your best form of defense.
For more ways to secure and optimize your business technology, contact your local IT professionals.
Read More