A substantial increase in phishing campaigns utilizing LinkedIn Smart Links has been observed, specifically targeting Microsoft Office credentials. These campaigns, identified the Cofense Phishing Defense Center (PDC), have been infiltrating user email inboxes across various industries, with a focus on finance and manufacturing.
Smart Links, commonly used LinkedIn teams or business accounts connected to LinkedIn Sales Navigator services, serve to deliver content and track engagement metrics. While the use of Smart Links in phishing attacks is not new, this recent wave has been particularly concerning due to the sheer volume of emails containing over 80 unique LinkedIn Smart Links.
The researchers at Cofense highlighted that LinkedIn’s trusted brand and domain name make it an ideal tool for malicious actors to exploit. By embedding Smart Links into emails, these attacks canpass security email gateways (SEGs) and other security measures, making detection more challenging.
Spear-phishing credential theft has seen a significant increase this year, with cybercriminals targeting access brokers who sell company access to ransomware groups. According to Patrick Harr, CEO of SlashNext, these access brokers often gain entry through spear-phishing attacks. Cybercrime has expanded beyond traditional methods and has embraced social, mobile, and collaboration channels, leading to an expansion in spear-phishing attacks combined with credential stealing.
The misuse of LinkedIn Smart Links exemplifies how threat actors are adapting their tactics topass existing defenses. Vinay Pidathala, Senior Director of Menlo Labs, emphasized that security vendors and their solutions rely on the concept of trust. Since legitimate websites like LinkedIn are deemed trustworthy, attacks that utilize Smart Links often go undetected traditional security systems, increasing the likelihood of a successful attack.
While the vision of a passwordless world may be desirable, the transition away from password-based authentication poses challenges. According to Emily Phelps, Director at Cyware, organizations face high costs and disruptions when implementing infrastructure mechanisms on a large scale. Moreover, completely eliminating passwords does not eradicate credential stuffing attacks.
In summary, a resurgence of phishing campaigns utilizing LinkedIn Smart Links has been observed, with a focus on targeting Microsoft Office credentials. These attacks exploit the trusted reputation of LinkedIn topass security measures, highlighting the need for organizations to remain vigilant and adopt multi-layered security approaches.
– Phishing: A cyber attack where perpetrators impersonate legitimate organizations to deceive individuals into providing sensitive information such as usernames, passwords, or financial details.
– Smart Links: Links used a LinkedIn team or business account connected to LinkedIn Sales Navigator services to deliver content and track engagement metrics.
– Credential Stuffing: An attack method where cybercriminals use stolen usernames and passwords from other data breaches to gain unauthorized access to user accounts on various platforms.
– Cofense: https://cofense.com/blog/creeping-credential-phishing-campaign-new-twist-linkedin-smartlinks/
– SlashNext: https://www.slashnext.com/
– Menlo Labs: https://www.menlosecurity.com/
– Cyware: https://cyware.com/