On June 1, 2022, researchers at ESET published information on recent attacks attributed to the North Korean group Lazarus (also known as APT38). In the article, ESET described one of the group’s long-running campaigns and the TTPs they are using. Among the tactics, ESET mentioned that Lazarus used fake recruitment scams and messaging applications (specifically LinkedIn, WhatsApp, and Slack). While they didn’t give specific details about how the attacks were carried out, this does highlight the need for enterprises to think outside of the traditional email security box and consider how to defend their entire business communications ecosystem from cross-channel attacks.
In the past year, we have seen multiple threat actor groups and cyber criminals utilize mobile messaging to gain entry or escalate privileges within an enterprise. Additionally, we are seeing a rising trend in credential stealers that target accounts for applications like Telegram. Of course, these channels look attractive to APT groups like Lazarus, as they tend to connect to devices outside of the organization's perimeter (like BYOD phones) and have little to no native protection for detecting malware, malicious links, or language indicative of social engineering attacks. On top of that, most defenders have barely any visibility into these channels, so when an attack occurs through one of them, they likely will not be alerted to it.
SafeGuard Cyber’s mission is to help defenders gain the unified visibility needed to detect suspicious/malicious activity, and get alerts on such events. We do so in a manner that consolidates the security for over 30 messaging applications into one unified solution that can provide the same level of visibility and automated analysis across them all.
To see how we do this, please take a look at our demo for detecting a multi-channel fake recruitment scam that we analyzed with our platform, or read the full write-up on multi-channel attacks here.
If you are interested in learning more about the SafeGuard Cyber solution, you can take a quick 5-minute tour.