I used to consider having a LinkedIn profile one of the core traits of authenticity on social media. Given the professional nature of the platform, we did not see the same issues with social engineering scams that are rampant on other social media platforms like Facebook, Twitter, and Instagram.
However, as with all things, cyber criminals find more efficient avenues for exploitation, and currently, the platform of choice is LinkedIn; the potential victims are lucrative Web 3 companies and their digital assets.
Back in March of this year, Sky Mavis, the company behind Axie Infinity, was drained of 622 million via the Ronin side chain. The United States government later confirmed that this attack was perpetrated by the Lazarus Group, a state-sponsored hacking group backed by North Korea.
The People’s Republic has become a major player in the cybercrime realm as it hopes to avoid increasingly restrictive international sanctions by laundering cryptocurrencies. Likely taking a cue from the success of the Axie hack, state-sponsored cyber criminals are now broadening their ambitions and leveraging platforms like LinkedIn to infiltrate companies and exploit their security vulnerabilities.
According to the cyber threat defense solutions firm Mandiant, hackers will generally begin by lifting details from a compelling professional account on LinkedIn. They will copy the victim’s resume and professional background. The cybercriminals will then apply across a range of remote positions, usually in the Web 3 IT space.
The goal is to access positions of influence over the organization’s online security infrastructure. Once inside the company, the hackers will identify potential security lapses and vulnerabilities that could be exploited to extract cryptocurrencies and NFTs.
Identity theft and subsequent deceit are made possible by the wealth of professional information readily available on LinkedIn. The cybercriminals will generally present themselves as being South Korean or Japanese and will target lucrative positions in North America and Europe.
According to Joe Dobson, a principal analyst at Mandiant, “It comes down to insider threats…If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
In an age where remote work and NFT profile pictures are a norm for our industry, the threat posed by cybercriminals is compounded well beyond what we saw in Web 2. Beyond just vetting potential new hires, employers now need to exercise caution as the identity theft issue on LinkedIn will only become exacerbated over time.
Thank you for reading.
Check out my unfiltered thoughts on Twitter:
Follow my career on LinkedIn:
My other Shower Thoughts on Medium:
Also published here