Hackers use LinkedIn to target UK nuclear waste firm
Radioactive Waste Management said attackers have leveraged LinkedIn in a spear phishing campaign


Radioactive Waste Management (RWM), which is planning a huge underground nuclear waste store in the north of England, has been targeted by cyber criminals via LinkedIn, according to The Guardian.
Accounts for RWM filed at Companies House show that the organization has been targeted by cyber criminals using various methods, including the use of popular social network platforms to dupe staff.
RWM, which is part of Nuclear Waste Services (NWS), revealed that attacks have escalated in recent months, raising concerns over the risk of hackers gaining access to highly sensitive materials.
NWS chief executive, Corhyn Parr, said the government-backed organization has experienced "instances of potential exploitation of ownership change through specific attack vectors, predominantly LinkedIn targeting".
NWS hasn't yet responded to an enquiry from ITPro, but told The Guardian that while low-level phishing attempts have been detected, they have been foiled through the company's cyber defenses.
The firm added that there’s been no disruption of business or site operations as a result.
Javvad Malik, lead security awareness advocate at KnowBe4, said the report shows a classic case of cyber criminals using open source information to target organizations.
"In this case it appears as if OSINT - open source intelligence - was used to gather publicly available information on employees, and to determine the appropriate targets," he said.
"Then, spear phishing emails were sent via social media, mainly LinkedIn in an attempt to get those individuals to either click on a malicious link, download software, give up credentials, or simply to build trust.
"In all these steps, no organizational systems were touched, so any technical security controls are bypassed completely."
The incident highlights a growing problem. Last month, for example, the UK's National Cyber Security Centre (NCSC) and international partners warned that Russia-based hacking group Star Blizzard was using spear phishing techniques via email and social media to target defense and governmental organizations.
LinkedIn has been the method of choice in previous attacks on industry and infrastructure, according to Adam Pilton, cyber security consultant at CyberSmart.
Used by millions of professionals globally, the popular social network has become a key hunting ground for targets in recent years.
"I am sure most people will have heard of or been subject to the common phishing email from management when they first start a role, requesting urgent action such as buying vouchers. This is highly likely to be connected to the new job status we post on LinkedIn," he said.
"Last year, we saw the Lazarus group targeting people on LinkedIn with a fake ‘recruitment process’ in which they were asked to demonstrate their competency by downloading and completing a quiz. This download contained malware."
This attack, uncovered by researchers at ESET, was carried out against an aerospace company in Spain. Fake recruiters believed to belong to the Lazarus group contacted victims via LinkedIn Messaging in an attempt to steal company information.
"Social engineering, encompassing tactics such as creating fake business accounts and sending deceptive messages, remains a persistent risk that organizations must address through comprehensive training programs," said Erfan Shadabi, cybersecurity expert at comforte AG.
"Organizations should empower their employees to recognize and thwart cyber threats, particularly those originating from social engineering tactics. This approach will not only safeguard sensitive information but also contribute to the resilience of critical infrastructure."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.