CyberCure Ep 73

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/09/03/intelligence-briefing-73/ ---- Several times this year, LinkedIn seems to have experienced massive data scrape conducted by a malicious actor. An archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum. This time, the author of the forum post is purportedly selling information gathered from 600 million LinkedIn profiles. Latest LinkedIn leak They also claim that the data is new and “better” than that collected during the previous scrapes. Latest LinkedIn leak in 2021 Samples from the archive shared by the author include full names, email addresses, links to the users’ social media accounts, and other data points that users had publicly listed on their LinkedIn profiles. While not deeply sensitive, the information could still be used by malicious actors to quickly and easily find new targets based on the criminals’ preferred methods of social engineering. LinkedIn’s refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity. The social media platform, however, is of a different opinion on the matter: “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” LinkedIn said in its statement regarding a previous data scrape, where malicious actors collected data from 700 million profiles... ---- Also, Notorious North Korean hacking group impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware. Researchers have been tracking Lazarus activity for months published new report by AT&T Labs. According to the report’s author, emails sent to prospective engineering candidates by the group purport to be from known defense contractors Airbus, General Motors (GM) and Rheinmetall. Attached to the emails are Windows documents containing macro-based malware, “which has been developed and improved during the course of this campaign and from one target to another,” the report wrote. The campaign is just the latest by Lazarus that targets the defense industry. In February, researchers linked a 2020 spear phishing campaign to the stealing of critical data from defense companies by leveraging an advanced malware called ThreatNeedle. The new campaign was identified when Twitter users reported several documents that were linked to Lazarus group using, GM and Airbus as lures. The campaigns using the three new documents have similarities in command and control (C&C) communication but different ways of executing malicious activity, researchers found. Lazarus distributed two malicious documents related to Rheinmetall, a German engineering company focused on the defense and automotive industries. However, the second included “more elaborate content,” and thus likely went unnoticed by victims. Given the historically prolific nature of Lazarus—named “the most active” threat group of 2020 by Kaspersky —the latest attack against engineers “is not expected to be the last,” the report noted. “Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution,” the report said. ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.