Friday, October 4, 2024
Homecyber securityBeware of New Hacking Attack Targeting LinkedIn Accounts Worldwide

Beware of New Hacking Attack Targeting LinkedIn Accounts Worldwide

Published on

An ongoing campaign has resulted in the compromise of multiple LinkedIn accounts. However, the motive behind this campaign remains unclear at this time.

Numerous users have reported instances of their LinkedIn accounts being temporarily locked, hacked, or permanently deleted.

LinkedIn account compromise issue discussed on Social network (Source: Cybrint)

In certain cases, there were also ransom payments requested by threat actors to recover user accounts. As per the Google Trends report, this LinkedIn account compromise has seen a sudden surge in the past 90 days. It also shows several searches for “LinkedIn account hacked” or “LinkedIn account recovery.”

- Advertisement - EHA
Google Trends Report (Source: Cybrint)

It is suspected that threat actors have gathered data from a LinkedIn Breach and used the data to pick accounts. Threat actors identify accounts without 2FA or use Brute force to hack into accounts having short passwords. 

A complete picture of this LinkedIn attack campaign is yet to be revealed. However, Two scenarios have been discovered while attacking user accounts. One of the scenarios is a Temporary account Lock, and the other is a Full Account compromise.

Temporary Account Lock

In this scenario, threat actors attempt to compromise a LinkedIn account that has two-factor authentication enabled with brute force attacks. This results in LinkedIn sending suspicious activity followed by a temporary account lock for a user. 

As a method for recovery, Users are requested to verify their accounts, update their passwords for security reasons and regain access to their accounts.

Temporary account lock notification from LinkedIn (Source: Cybrint)

Full Account Compromise

In this scenario, threat actors completely take over victims’ accounts and change their email addresses in order to ensure that victims don’t recover their accounts. The email addresses used for replacing the original email address of these accounts were generated from the rambler[.]ru mail system.

Furthermore, for this type of scenario, there have been reports of demanding ransom as a financial gain ranging between tens of dollars. 

Full account compromise with replaced rambler.ru email ID (Source: Cybrint)

Once threat actors gain access to these professional LinkedIn accounts of users, they have several attack vectors, which involve social engineering, manipulation of people, baiting to a malicious link, blackmail, reputational damage, spreading malicious content, and many more.

Cybrint has released a complete report on this LinkedIn attack campaign which provides additional details on this issue.

Mitigation

Users of LinkedIn are recommended to check their account access to see whether they are able to log in to their account and make sure all their information, like email, phone numbers, and others, are genuine and legit. 

Changing and deploying a strong password in the LinkedIn account, which is unique and not reused, is recommended. Additionally, 2-step verification can also be implemented to prevent brute force attacks.

Keep informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...