Social Engineering: How to Keep Security Researchers Safe

Attacking the very people who work on stopping threat actors may seem like a bad idea. But some threat groups do go after people who’ve made a career doing vulnerability research. We’ll take a look at a recent social engineering attack campaign targeted at cyber defense experts. How can you and your employees avoid falling into this trap?


Look at the User


Most data breaches still involve the use of known vulnerabilities. In a 2019 study, for instance, 60% of breach victims say they suffered a security incident after someone had exploited a known vulnerability where the patch was not applied. An even greater percentage (62%) say they didn’t know they were at risk prior to the data breach.


Threat actors can exploit openings the ‘traditional’ way by probing software for bugs or purchasing access to flaws. Or, they can get a bit more creative, like targeting researchers. 


Social Engineering a Security Researcher


At the end of January 2021, Google observed government-backed attackers targeting security professionals working on vulnerability research. The threat actors began their social engineering efforts by creating a blog and multiple Twitter profiles. From there, they shared fake vulnerability write-ups posted to their blog, along with ‘guest’ posts written by unwitting researchers. The attackers also used those social media profiles to post videos of their ‘exploits’. They would also retweet posts from other accounts under their control.


Google confirmed the threat actors also faked the success of at least one of their claimed working exploits. B ..
