Think Before You Link

Trojan Twins

What do Trojans and Malicious Profiles have in common? Metaphorically speaking they both use, in the words of Wikipedia, a “trick or stratagem that causes a target to invite a foe into a securely protected bastion or place”. In the case of the first, a computer user is tricked to run a malicious programme and in the second, a professional networking site user is tricked to connect with a malicious profile.

Industrial Scale Targeting

Commonalities do not end there. Firstly, both types of incident are happening on an industrial scale. According to AV-Test Institute statistics published in April, 350,000 new pieces of malware are being detected every day, and it is estimated that Trojans account for nearly 1 in 6 of them. In the first six months of 2020, LinkedIn identified - and were able to stop - 37 million fake profiles on their networking site. Secondly, occurrence of these incidents has increased dramatically during the pandemic with the rise in homeworking.

Finely crafted messages

The third area of commonality is the use of finely crafted messages by the actor. According to the European Union Agency for Cybersecurity (ENISA), actors are using increasingly sophisticated phishing messages in their malware. And in the same vein, behavioural science research undertaken by CPNI to inform the Think before you Link campaign, revealed that hostile state actors are using psychological techniques derived from romance and finance scams to lure their users in.

Sectoral risk

Government, digital and technology are among the sectors targeted for both type of incident. MI5 estimates that 10,000 government officials alone have been approached by malicious profiles on professional networking sites on behalf of hostile state actors over the last five years. And they believe this to be the tip of the iceberg.

Solution at hand

Which is why CPNI, who report into the DG of MI5, have launched a campaign to curtail the incidence of malicious profiles on these sites. The campaign, Think before you Link, urges users to take four steps to:

1. Recognise the malicious profile

2. Realise the threat it poses

3. Report the profile to security/networking site/CPNI

4. Remove the connection from their network

CPNI have produced two videos as part of the campaign: Glitch and Linked which take the viewer through the four steps; these and thecampaign materials can be found on the CPNI website.

About CPNI

CPNI is the Centre for the Protection of National Infrastructure and is responsible for the protective security of UK infrastructure and sensitive industries. It combines its experience in running personal/personnel security campaigns with dealing with national security threats.

Article by the Head of Personnel and People Security & Insider Threat Research Centre at the Centre for the Protection of National Infrastructure (CPNI)