Hackers use LinkedIn to target UK nuclear waste firm
Radioactive Waste Management (RWM) has joined a list of organisations targeted by cybercriminals using LinkedIn.
RWM which is part of the Nuclear Waste Services (NWS) revealed that criminals have tried to get into the organization multiple times in the recent months.
The firm is yet to release an official statement but while talking to a popular publication it noted that although low-level phishing attempts have been detected, the company's cybersecurity defenses successfully thwarted them.
The organization emphasized that there has been no disruption to business or site operations.
Commenting on the story, Javvad Malik, lead security awareness advocate at KnowBe4 says that it’s a classic case of cybercriminals using open-source information for targeted attacks.
He pointed out that cybercriminals utilized open source intelligence (OSINT) to gather publicly available information on employees and then employed spear-phishing emails through platforms like LinkedIn to trick individuals into taking malicious actions.
Social engineering is one of the oldest tactics used by hackers and continues to be a big thorn in the flesh for defenders.
It involves activities such as creating fake business accounts and sending deceptive messages.
Last month, the UK's National Cyber Security Centre (NCSC) and international partners warned of Russia-based hacking group Star Blizzard using similar techniques to target defense and governmental organizations.
LinkedIn, being a widely used professional network globally, has become a prime hunting ground for cyber attackers.
Cybersecurity consultant Adam Pilton noted that phishing attempts often exploit LinkedIn, citing instances where new job statuses posted on the platform were leveraged for deceptive emails.
He referenced a previous incident involving the Lazarus group targeting individuals on LinkedIn with a fake recruitment process, leading victims to download malware-containing materials.
To combat social engineering, organizations are encouraged to conduct comprehensive training programs.
Empowering employees to recognize and counteract social engineering tactics, is crucial for safeguarding sensitive information and bolstering the resilience of critical infrastructure.