Hackers after Gulf LinkedIn accounts


Dubai - Cyber criminals thought to be based in Iran are using LinkedIn to infiltrate targets throughout the Middle East, including the UAE.

by Bernd Debusmann Jr.


Published: Tue 20 Oct 2015, 12:00 AM

Last updated: Tue 20 Oct 2015, 6:18 PM

A group of hackers suspected to be based in Iran are using fake LinkedIn profiles to target victims across the Middle East, including the UAE, according to cyber security experts from Dell SecureWorks' Counter Threat Unit.
The group - which researchers have designated as Threat Group 2889 - has created at least 25 different personas on the popular business-oriented social network, using the photographs of innocent individuals with no connection to the group's activities. Of these, eight are "leader personas" with extremely detailed profiles, including educational histories, current and previous job descriptions, LinkedIn group memberships, and, in most cases, over 500 followers.
"LinkedIn is fairly well-known and used by most professionals ... it's a sophisticated and well-planned means of social engineering," said Mark Morland, Dell SecureWorks' Regional Manager for the Middle East. "They've created a lot of fairly granular and detailed LinkedIn profiles, and actually having a set of endorsers behind those to enable the profiles to appear as legitimate as possible.
"A lot of these profiles have been created very cleverly from what would appear to be people within the target's company, or from a recruitment consultant perspective," Morland added.
"Gaining trust and an initial acceptance of connection has been fairly easy for them."
Of the 204 potential targets of the group identified by investigators, the majority are in the Middle East, including 27 in the UAE, 28 in Qatar and 39 in Saudi Arabia. Many LinkedIn users targeted by the group operate in the telecommunications industry, government and defense organisations or large corporations.
"Certainly they want to infiltrate networks, but to what end we don't know. It might be theft of intellectual property, disruption to business operations in terms of the availability of the systems, or competitive information," Morland noted. "This has been going on awhile."
Dell researchers used a variety of techniques that led them to suspect the hackers are located, at least partly, in Iran.
"We've seen a lot of that," he said, declining to go into further detail.
Gopan Sivasankaran, Dell SecureWorks' Senior Security Architect, said that a significant factor in such attacks is that organisations often adopt high-tech defenses but lack basic security awareness among employees.
"In the region we've seen people invest a lot in technology, but then really not focus on people and process," he said. "You should get all three right."
To prevent such attacks, Morland urged users of LinkedIn to be cautious and avoid making connections with unknown people.
"Be wary of people you personally don't know, even if they have associated connections. They could have been duped," he said. "Also, any post or message containing a web link or attachment should be absolutely avoided at all costs, because it might be malicious."
"As a security guy, it's just crazy that (someone) accept a LinkedIn invitation from somebody you didn't know. You wouldn't do it on Facebook, so you shouldn't when you get into the workplace."
bernd@khaleejtimes.com
