Think Before You Link
Trojan Twins
What do Trojans and Malicious Profiles have in common? Metaphorically speaking, they both use, in the words of Wikipedia, a 'trick or stratagem that causes a target to invite a foe into a securely protected bastion or place'. In the first case, a computer user is tricked into running a malicious programme; in the second, a professional networking site user is tricked into connecting with a malicious profile.
Industrial Scale Targeting
Commonalities do not end there. Firstly, both types of incident are happening on an industrial scale. According to AV-Test Institute statistics published in April, 350,000 new pieces of malware are being detected every day, and it is estimated that Trojans account for nearly 1 in 6 of them. In the first six months of 2020, LinkedIn identified - and were able to stop - 37 million fake profiles on their networking site. Secondly, the occurrence of these incidents has increased dramatically during the pandemic with the rise in homeworking.
Finely crafted messages
The third area of commonality is the use of finely crafted messages by the actor. According to the European Union Agency for Cybersecurity (ENISA), actors are using increasingly sophisticated phishing messages in their malware. And in the same vein, behavioural science research undertaken by CPNI to inform the Think before you Link campaign revealed that hostile state actors are using psychological techniques derived from romance and finance scams to lure their users in.
Sectoral risk
Government, digital services and technology are among the sectors targeted for both types of incident. MI5 estimates that 10,000 government officials alone have been approached by malicious profiles on professional networking sites on behalf of hostile state actors over the last five years. And they believe this to be the tip of the iceberg.
Solution at hand
Which is why CPNI, who report into the DG of MI5, have launched a campaign to curtail the incidence of malicious profiles on these sites. The campaign, Think before you Link, urges users to take four steps to:
- Recognise the malicious profile
- Realise the threat it poses
- Report the profile to security/networking site/CPNI
- Remove the connection from their network
CPNI have produced two videos as part of the campaign, Glitch and Linked, which take the viewer through the four steps; these and the campaign materials can be found on the CPNI website.
About CPNI
CPNI is the Centre for the Protection of National Infrastructure and is responsible for the protective security of UK infrastructure and sensitive industries. It combines its experience in running personal/personnel security campaigns with dealing with national security threats.
Author: The Head of Personnel and People Security & Insider Threat Research Centre at CPNI