CTM360 has observed a trend in which employees from financial institutions are exposing critical company information or infrastructure-related details on professional networking and employment platforms. Such information is utilized by threat actors to conduct social engineering or exploit known vulnerabilities in the disclosed systems.
Employee profiles often disclose sensitive information when outlining job responsibilities. Such profiles state involvement in systems such as SWIFT payments or specific security technologies used within the organization; these disclosures are most prevalent on LinkedIn profiles and are also included in resumes uploaded to employment portals. They are valuable to attackers because they put the organization at risk and also expose the employee as a social engineering target.
TYPICAL ATTACK LIFECYCLE
Threat actors often select their victims based on the extent of information given on their professional networking profiles. Attackers also use different profiling techniques to collect data from employment-oriented online networks such as LinkedIn, Xing, Bayt, Rozee, GulfTalent and NaukriGulf to identify potential targets.
One of the main methods is to search employee profiles from a particular company to see if they mention any sensitive keywords. Once a victim is identified, they are approached with a fake job interview to collect more data, or the already disclosed information is used to discover third-party vendor vulnerabilities that are then used to infiltrate the victim’s organization.