Saturday, July 13, 2024
EHA

Beware of New Hacking Attack Targeting LinkedIn Accounts Worldwide

An ongoing campaign has resulted in the compromise of multiple LinkedIn accounts. However, the motive behind this campaign remains unclear at this time.

Numerous users have reported instances of their LinkedIn accounts being temporarily locked, hacked, or permanently deleted.

LinkedIn account compromise issue discussed on Social network (Source: Cybrint)

In certain cases, there were also ransom payments requested by threat actors to recover user accounts. As per the Google Trends report, this LinkedIn account compromise has seen a sudden surge in the past 90 days. It also shows several searches for “LinkedIn account hacked” or “LinkedIn account recovery.”

Google Trends Report (Source: Cybrint)

It is suspected that threat actors have gathered data from a LinkedIn Breach and used the data to pick accounts. Threat actors identify accounts without 2FA or use Brute force to hack into accounts having short passwords. 

A complete picture of this LinkedIn attack campaign is yet to be revealed. However, Two scenarios have been discovered while attacking user accounts. One of the scenarios is a Temporary account Lock, and the other is a Full Account compromise.

Temporary Account Lock

In this scenario, threat actors attempt to compromise a LinkedIn account that has two-factor authentication enabled with brute force attacks. This results in LinkedIn sending suspicious activity followed by a temporary account lock for a user. 

As a method for recovery, Users are requested to verify their accounts, update their passwords for security reasons and regain access to their accounts.

Temporary account lock notification from LinkedIn (Source: Cybrint)

Full Account Compromise

In this scenario, threat actors completely take over victims’ accounts and change their email addresses in order to ensure that victims don’t recover their accounts. The email addresses used for replacing the original email address of these accounts were generated from the rambler[.]ru mail system.

Furthermore, for this type of scenario, there have been reports of demanding ransom as a financial gain ranging between tens of dollars. 

Full account compromise with replaced rambler.ru email ID (Source: Cybrint)

Once threat actors gain access to these professional LinkedIn accounts of users, they have several attack vectors, which involve social engineering, manipulation of people, baiting to a malicious link, blackmail, reputational damage, spreading malicious content, and many more.

Cybrint has released a complete report on this LinkedIn attack campaign which provides additional details on this issue.

Mitigation

Users of LinkedIn are recommended to check their account access to see whether they are able to log in to their account and make sure all their information, like email, phone numbers, and others, are genuine and legit. 

Changing and deploying a strong password in the LinkedIn account, which is unique and not reused, is recommended. Additionally, 2-step verification can also be implemented to prevent brute force attacks.

Keep informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles