A recent security research by Nikita Rostovcev, a Senior Threat Analyst at the Advanced Persistent Threat Research Team, Group-IB, highlights a concerning trend: cybercriminals targeting job boards in the Asia-Pacific (APAC) region. Let’s break down the key points and their implications:
APAC Job Boards Under Attack: How Hackers are Exploiting Them and What You Need to Know
- Group Name: “ResumeLooters” identified as the culprit behind the attacks.
- Target: Job boards across Asia-Pacific APAC, primarily focusing on Singapore, Malaysia, and Indonesia.
- Method: Malicious code injected into job postings to steal resumes and personal data.
- Millions Affected: Estimated that millions of job seekers’ resumes and personal information compromised.
- Data Breach: Stolen data includes names, contact details, education, and work experience.
- Potential Uses: Identity theft, phishing attacks, targeted scams, and selling data on the dark web.
- Target Selection: APAC region may be seen as less prepared for cyberattacks, with job boards potentially having weaker security measures.
- Ease of Access: Job boards offer a vast pool of personal information readily available for attackers.
- Financial Motive: Stolen data can be sold for financial gain or used for fraudulent activities.
The researchers identified 65 websites compromised by ResumeLooters between November 2023 and December 2023. By using SQL injection attacks against websites, the threat actor attempts to steal user databases that may include names, phone numbers, emails, and DOBs, as well as information about job seekers’ experience, employment history, and other sensitive personal data. The stolen data is then put up for sale by the threat actor in Telegram channels, identified by Group-IB’s Threat intelligence platform.added by Group-IB security researcher Nikita
- Beware of suspicious job postings: Look for signs of grammatical errors, unrealistic offers, or requests for excessive personal information.
- Use strong passwords and avoid sharing sensitive data in resumes.
- Monitor your accounts for suspicious activity and report any breaches immediately.
- Implement robust security measures to protect user data.
- Regularly monitor and scan for malicious activity.
- Educate users about cybersecurity best practices.
- Increase awareness of cyber threats and encourage collaboration between stakeholders.
- Strengthen regulations and enforce data protection laws.
How Hackers are Exploiting APAC Job Boards
According to Group-IB. in between November and December 2023, the gang successfully conducted SQL injection and Cross-Site Scripting (XSS) attacks against recruitment and retail websites in the Asia-Pacific region.
“By using SQL injections, the group has stolen data from 65 websites. The stolen files contained a total of 2,188,444 rows, of which 510,259 were user data stolen from job search websites.”
“Various penetration testing tools have been identified on the group’s malicious servers, including sqlmap, Acunetix, Beef Framework, X-Ray, Metasploit, ARL (Asset Reconnaissance Lighthouse), and Dirsearch.”
- Vulnerable Job Boards: Highlights the need for stronger security measures on job board platforms, including multi-factor authentication and regular vulnerability assessments.
- Phishing Awareness: Job seekers should be cautious of unsolicited emails and links, even if they appear legitimate. Verify the sender’s address and avoid downloading attachments from unknown sources.
- Data Privacy: Employers have a responsibility to protect the personal information of job applicants. Implementing robust data security practices and transparent privacy policies is crucial.
Looking Ahead: Need to Know
- Law Enforcement: Investigation and prosecution of the cybercriminals are essential to deter future attacks.
- Industry Collaboration: Job boards, cybersecurity firms, and government agencies need to collaborate to improve security standards and raise awareness.
- User Education: Continuous education for both job seekers and employers on cybersecurity best practices is vital to mitigate future risks.
This attack highlights the growing sophistication of cybercriminals and the need for vigilance in protecting personal data online. Job seekers and job boards alike must be aware of the risks and take proactive steps to mitigate them. Governments also have a crucial role in creating a safer online environment through regulations and collaboration.