Bit of a short post today, but it was something that caught my eye.
Years after the LinkedIn breach, criminals are still circulating the compromised data, and using it whenever possible. But moreover, they also use LinkedIn itself as it exists today as a means of targeting the staff who work for their potential victims.
Source: The Guardian
Radioactive Waste Management (RWM), managing the £50bn Geological Disposal Facility project in the UK, reported attempted cyber breaches through LinkedIn.
It’s said that the attackers targeted RWM by using LinkedIn to identify employees within the organization. RWM, now part of Nuclear Waste Services (NWS), experienced potential attacks exploiting ownership changes, though with no significant impact. NWS, aware of the vulnerability of social media to hacking, said they maintain robust defenses against such threats.
Observations:
This reminds me of something I wrote in 2016, after LinkedIn was blamed for other secondary attacks. At the time, the news of the additional linked attacks were significant, because many compromised organizations are service providers with access to extensive customer networks.
The organizations targeted at the time operated in both the manufacturing and retail industries, and other verticals. It was clear that the criminals responsible were using credential stuffing and brute force attacks by slightly modifying the LinkedIn password list, or looking for accounts that were recycling credentials.