When it comes to social media, especially Facebook and Twitter, I am guarded when it comes to whom I friend or follow. I use Facebook almost exclusively to connect with friends, family or business acquaintances. I use Twitter mostly for news and commentary that’s of interest to me personally.
But there is another social media site I use a lot, and that’s LinkedIn. LinkedIn differs from Facebook and Twitter’s generalized social interactions by focusing on helping people make and maintain professional connections. LinkedIn was purchased last year by Microsoft for $26.2 billion, and has become Redmond’s foray into social media.
While I’m highly selective about my interactions on Facebook and Twitter, with LinkedIn I tend to be more liberal about okaying requests to connect. I’ve reasoned that since LinkedIn is for business networking, the more people I network with, the better it is for my career and business relationships. I suspect that’s the feeling shared by the millions of others LinkedIn users who frequent the site for similar reasons.
But then I came across a report from SecureWorks, an Atlanta-based cybersecurity subsidiary of Dell (the computer company), titled “The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets.” According to the July 27 report, SecureWorks says it observed phishing campaigns targeted at Middle East and North Africa that delivered PupyRAT, the codename for a nasty bit of malware that targets Windows, Linux, OS X and Android systems, using a fake person named “Mia Ash.”
In short, this report reveals that a known Iranian hacker group called Cobalt Gypsy created the fake LinkedIn profile of a woman it dubbed Mia Ash and identified as a celebrated photographer. When I checked out Mia Ash’s profile, it looked like so many others I’ve scanned on both LinkedIn and other social media networks over the years.
The fake profile’s goal was to connect with individuals working in Middle Eastern companies, then trick users into opening a Word document using their company’s email in order to deliver the malware. The malware could then infect their company’s network and potentially allow malefactors entry into the network to steal information, or do who knows what else.
It turns out this wasn’t the first time Cobalt Gypsy had targeted LinkedIn users. Some years ago, the hacker group used agents posing as recruiters on the social networking service to lure their targets into downloading malware-laden job applications. Their goal was the same: to try and get users to open a Word document that used their company email addresses to deliver the payload. In this case, the fake LinkedIn persona was someone called “Timothy Stokes,” whose profile identified him as a recruiter for a well known company.
It’s not just LinkedIn, either. I’ve come across many requests on Facebook that don’t survive basic scrutiny. Some are blatantly obvious. I recently received a friend request from someone who said they were the CEO of a Minnesota company — when I looked up the company, it didn’t exist. It’s the more shrewdly generalized ones, say one for a fictitious mid-level employee of a company that does exist, that I worry about.
I’d be the last person to discourage anyone from using social media. LinkedIn and Facebook remain vital tools for making connections and developing relationships. However, after reading about Mia Ash, I will no longer accept LinkedIn requests without sufficient due diligence. And I plan to be even more careful when it comes to Facebook requests as well.
It stands to reason, given social media’s proliferation and our increasing dependence on it, that its users are going to be increasingly targeted by hackers looking to gain access to business or consumer data. Although the two instances above focused on the Middle East, I’ve spoken with other security companies who say that this sort of attack is on the rise in the U.S., and that people need to be much more cautious.
If you work for a company that uses social tools like LinkedIn, SecureWorks says your company should have a system in place whereby employees can report any unusual or suspicious activity. This would include any requests from unknown parties asking about an employer’s business systems or corporate network, as well as flagrant requests to perform actions such as opening documents. SecureWorks also suggests that business users should disable macros — shortcut instructions designed to trigger a sequence of operations — in Microsoft Office, to mitigate the threat posed by malicious documents, should a person accidently open one of these malware-laden files.
Some of this comes down to common sense. Be exceedingly cautious about whom you friend, and never open a document from anyone, unless it comes from a person you know and trust. Social media has many merits, but as this SecureWorks report shows, it can be used for nefarious purposes. Companies like Facebook and LinkedIn need to continually refine their own anti-hacking tools and A.I. algorithms, but user diligence remains a crucial part of the process. Don’t automatically accept a request from anyone, and make sure those you eventually do check out.
Tim Bajarin is recognized as one of the leading industry consultants, analysts and futurists, covering the field of personal computers and consumer technology. Mr. Bajarin is the President of Creative Strategies, Inc and has been with the company since 1981 where he has served as a consultant providing analysis to most of the leading hardware and software vendors in the industry.