Hackers are always on the lookout for new ways to scale up their attacks, and so go after businesses and organisations whose vulnerabilities may help them infect a wider network of targets. A LinkedIn bug, recently uncovered by security experts, could have provided cybercriminals with just such an avenue of attack.
A flaw in LinkedIn Messenger could have allowed hackers to upload malware-laced files and potentially infect users. The vulnerabilities uncovered by Check Point researchers could have allowed hackers to "bypass the security restrictions and attach a malicious file to the LinkedIn messaging service". Essentially, the flaw could have allowed hackers to upload fake resumes containing malicious code which, when clicked on, could infect the victim's system and networks.
"We have been able to identify multiple vulnerabilities that take advantage of LinkedIn's security restrictions," the Check Point researchers said in a blog post. They said the flaws could have been exploited by hackers to upload a seemingly normal-looking file that passed LinkedIn's security checks. "However, the file is only masquerading as a legitimate file, in reality, it is a form of malware that contains malicious content, able to infect the recipient's network."
The researchers said they identified four vulnerabilities and reported them to LinkedIn on 14 June 2017. The flaws were "verified and acknowledged" by LinkedIn and a fix was issued on 24 June.
The vulnerabilities could have allowed hackers to create a Windows registry file containing a malicious PowerShell script and disguised as a PDF file, a malicious XLSM file disguised as an XLSX file, and a malicious DOCX file.
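As an added illustration (not code from Check Point or LinkedIn), the Python below shows a server-side check that catches the two disguise cases listed above by comparing a file's declared extension with what its bytes actually are. The allow-list, the function names and the sample files are assumptions constructed for the example.

```python
import io
import zipfile

ALLOWED = {"pdf", "xlsx", "docx"}  # assumed attachment policy, not LinkedIn's

def sniff(data: bytes) -> str:
    """Classify an upload by its content, ignoring the name it arrived with."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    # .reg exports are text, commonly UTF-16LE with a byte-order mark.
    enc = "utf-16" if data.startswith(b"\xff\xfe") else "latin-1"
    head = data[:200].decode(enc, "ignore").lstrip()
    if head.startswith(("Windows Registry Editor", "REGEDIT4")):
        return "reg"
    if not data.startswith(b"PK\x03\x04"):
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            types = z.read("[Content_Types].xml").decode("utf-8", "ignore")
    except (zipfile.BadZipFile, KeyError):
        return "zip"
    # Macro-enabled OOXML declares a macroEnabled type and carries a VBA part.
    macro = "macroEnabled" in types or any(n.endswith("vbaProject.bin") for n in names)
    for prefix, kind in (("xl/", "xls"), ("word/", "doc")):
        if any(n.startswith(prefix) for n in names):
            return kind + ("m" if macro else "x")
    return "zip"

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept only when the extension is allowed and the content matches it."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff(data)
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed"
    if actual != ext:
        return False, f"declared .{ext} but content is {actual}"
    return True, "ok"

def make_workbook(content_type: str, *extra: str) -> bytes:
    """Constructed test input: a skeleton OOXML zip, not a real workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", f'<Types><Override ContentType="{content_type}"/></Types>')
        for name in ("xl/workbook.xml", *extra):
            z.writestr(name, b"")
    return buf.getvalue()

REG = b"\xff\xfe" + "Windows Registry Editor Version 5.00\r\n".encode("utf-16-le")  # constructed
XLSM = make_workbook("application/vnd.ms-excel.sheet.macroEnabled.main+xml", "xl/vbaProject.bin")
XLSX = make_workbook("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
```

A check like this only addresses type masquerading; a DOCX that is genuinely a DOCX passes it and still needs content scanning downstream.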
"The vulnerability itself provides an attacker with the means to make malicious files available to the potential victim – but that hardly calls this vulnerability out as being particularly unique or special," John Smith, principal solution architect at Veracode, told SC Magazine.
"But unless the victim actually opens the malicious file then the attack is not successful, and this is where the issue of trust arises. Users have been told for years not to open attachments or click on links that they receive from sources that they do not trust, but communication on LinkedIn carries with it an implied trust based on our network which would likely increase the success rate for the attacker."
"The issue here is that such manipulations increase latency and can render some content unreadable. Ultimately, effective endpoint monitoring, detection and response capabilities are still needed," SentinelOne chief security consultant Tony Rowan said.