The article details a campaign by the threat group Venom Spider, which has begun targeting HR professionals through spear-phishing. By exploiting legitimate job platforms, they send fake resumes that introduce a malware backdoor called More_eggs. The findings highlight the growing trend of targeting HR personnel as a means to compromise sensitive information. Roger Grimes emphasizes the escalating hazards in HR, recommending organizations to adequately train HR employees to recognize phishing attempts, as they are now prime targets for malicious activities.
This is far from a new tactic, but is definitely getting more use by malicious hackers. It used to be that HR was very sparingly targeted, but now they have become a target of choice. When doing cybersecurity risk management, I'd put anyone in the HR hiring path, including recruiters, hiring managers, people who interview new recruits, etc., on the list of your highest risk employees, alongside the previously identified high-risk positions in IT, C-level employees, and accounts payable.
HR, in general, has become a hotbed for scammers and malicious never-do-wells. We've got fake employees, fake employers, outgunned recruiters, and paid advertising by malicious hackers entering the hiring ecosystem in a way that has never been before. It's nation-state level stuff, highly resourced, and coming for your company for sure!
Collection
[
|
...
]